Sat.Oct 26, 2019 - Fri.Nov 01, 2019

A Broken Random Number Generator in AMD Microcode

Schneier on Security

Interesting story. I always recommend using a random number generator like Fortuna, even if you're using a hardware random source. It's just safer.

Breaches at NetworkSolutions, Register.com, and Web.com

Krebs on Security

Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com. “On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said i

Medical Device Security Standards

Adam Shostack

Recently, I’ve seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. The Principles and Practices for Medical Device Cybersecurity is a process-centered and comprehensive document from the International Medical Device Regulators Forum. It covers pre- and post-market considerations, as well as information sharing and coordinated vuln disclosure.

Top 5 things to know about alternative data

Tech Republic Security

Alternative data allows businesses to discover trends and financial opportunities without compromising consumer privacy. Tom Merritt explains the five things you need to know about alternative data.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

Schneier on Security

In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities -- including law enforcement -- to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly

Unsupervised Learning: No. 199

Daniel Miessler

2020 predictions for technology, consumer packaged goods and retail

Tech Republic Security

Nielsen released predictions for the next decade at the Gartner IT Symposium/Xpo 2019 and CPG and retail supply chains will need automation, blockchain and enhanced analytics to improve security.

WhatsApp Sues NSO Group

Schneier on Security

WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court: WhatsApp's lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. It has also asked the court to rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and "wrongfully trespassed" on Facebook's prope

Halloween: The curse of data

Thales Cloud Protection & Licensing

We’ve all watched a horror film and said “why are you doing that?!” as the main characters walk aimlessly down to a basement filled with chain saws, or shouted “are you stupid?!!” as they decide that it’s a good idea to hitchhike alone in the dark. While these fictional horror stories are created simply to frighten the audience, real-world businesses are just as guilty of making naïve decisions when it comes to protecting sensitive data, but with very real and scary consequences.

Unsupervised Learning: No. 200 (Member Edition)

Daniel Miessler

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How schools can better protect themselves against cyberattacks

Tech Republic Security

Reported cyberattacks against K-12 schools in the US have hit 301 so far in 2019 compared to 124 in 2018 and 218 in 2017, according to a new report from security provider Barracuda Networks.

ICT Supply-Chain Security

Schneier on Security

The Carnegie Endowment for Peace published a comprehensive report on ICT (information and communication technologies) supply-chain security and integrity. It's a good read, but nothing that those who are following this issue don't already know.

21 Million stolen credentials from Fortune 500 companies available on the dark web

Security Affairs

Roughly 21 million login credentials for Fortune 500 companies are available for sale, in plain text, in multiple forums and black marketplaces on the dark web. More than 21 million login credentials belonging to Fortune 500 companies are available for sale in various places on the dark web. Experts at ImmuniWeb discovered that 21,040,296 login credentials for Fortune 500 companies are offered in plain text on multiple services on the dark web.

Russian Hackers Are Still Targeting the Olympics

WIRED Threat Level

Fancy Bear has attacked 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Wanted: More women hackers

Tech Republic Security

Capture the Flag challenge encourages women to pursue cybersecurity careers and connects experts with newcomers

Resources for Measuring Cybersecurity

Schneier on Security

Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity.

CVE-2019-11043 exposes Web servers using nginx and PHP-FPM to hack

Security Affairs

Nasty PHP7 remote code execution bug exploited in the wild. Experts warn that a remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. On October 22, the security expert Omar Ganiev announced via Twitter the availability of a “freshly patched” remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager

How to Keep Your Siri, Alexa, and Google Assistant Voice Recordings Private

WIRED Threat Level

Alexa, Siri, and Google Assistant now all give you ways to opt out of human transcription of your voice snippets. Do it.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Hackers finding ways to exploit automotive software to overtake cars

Tech Republic Security

A new report from IntSights details the many ways cybercriminals break into a new generation of highly digitized cars.

Is Voting by Mobile App a Better Security Option or Just 'A Bad Idea'?

Dark Reading

Security experts say voting by app adds another level of risk, as mobile-voting pilots expand for overseas military and voters with disabilities.

Hackers behind Uber and Lynda hacks plead guilty in data breaches

Security Affairs

Two hackers have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016 and attempting to extort money from the two companies. Brandon Charles Glover and Vasile Mereacre are the two hackers who have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016. The defendants also attempted to extort money from the companies, requesting that they pay ‘bug bounties’ to avoid public disclosure of the data breaches.

Congress Still Doesn't Have an Answer for Ransomware

WIRED Threat Level

As data hijackers continue to target local governments and hospitals, legislators remain stymied over how best to address the problem.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Research finds 2019 increase in breaches and cybersecurity spending

Tech Republic Security

The ServiceNow and Ponemon study found an average 24% increase in cybersecurity spending and a 17% rise in attacks.

Chinese Cyber Espionage Group Steals SMS Messages via Telco Networks

Dark Reading

APT41's new campaign is the latest to highlight a trend among Chinese threat groups of attacking upstream service providers as a way to reach their intended targets, FireEye says.

sPower is the first renewable energy provider hit by a cyber attack that caused communications outages

Security Affairs

sPower, a US-based renewable energy provider, was the victim of a cyber attack that disconnected the US power grid operator from its power generation station. sPower, a Utah-based renewable energy provider, was hit by a cyber attack; the incident took place in March. This is the first time that a cyber attack has hit a renewable energy provider, causing the temporary interruption of communications with several solar and wind installations. “These interruptions had no impact to generation and d

Android Keyboard App Could Swindle 40M Users Out of Millions

Threatpost

The Ai.type app was removed from Google Play in June 2019 – but still remains on millions of Android devices and is still available from other Android marketplaces, researchers warn.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How to locate and close an open port in Linux

Tech Republic Security

Locating and blocking unwanted open ports in Linux should be a task every network admin knows how to do.

Why Cloud-Native Applications Need Cloud-Native Security

Dark Reading

Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Security Affairs

One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. This week Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack computers.

WhatsApp Spyware Attack: Uncovering NSO Group Activity

Threatpost

John Scott-Railton of Citizen Lab, who helped WhatsApp investigate the NSO Group over the alleged WhatsApp hack, said the subsequent lawsuit is a "certified big deal."

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.