A Broken Random Number Generator in AMD Microcode
Schneier on Security
OCTOBER 31, 2019
Interesting story. I always recommend using a random number generator like Fortuna , even if you're using a hardware random source. It's just safer.
Schneier on Security
OCTOBER 31, 2019
Interesting story. I always recommend using a random number generator like Fortuna , even if you're using a hardware random source. It's just safer.
Krebs on Security
OCTOBER 30, 2019
Top domain name registrars NetworkSolutions.com , Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com. “On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said i
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Shostack
NOVEMBER 1, 2019
Recently, I’ve seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. The Principles and Practices for Medical Device Cybersecurity is a process-centered and comprehensive document from the International Medical Device Regulators Forum. It covers pre- and post- market considerations, as well as information sharing and coordinated vuln disclosure.
Tech Republic Security
OCTOBER 28, 2019
Alternative data allows businesses to discover trends and financial opportunities without compromising consumer privacy. Tom Merritt explains the five things you need to know about alternative data.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
OCTOBER 28, 2019
In an extraordinary essay , the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities -- including law enforcement -- to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly
Daniel Miessler
OCTOBER 27, 2019
[advanced_iframe src=”[link] width=”100%” height=”7000px”] No related posts.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 28, 2019
Nielsen released predictions for the next decade at the Gartner IT Symposium/Xpo 2019 and CPG and retail supply chains will need automation, blockchain and enhanced analytics to improve security.
Schneier on Security
OCTOBER 30, 2019
WhatsApp is suing the Israeli cyberweapons arms manufacturer NSO Group in California court: WhatsApp's lawsuit, filed in a California court on Tuesday, has demanded a permanent injunction blocking NSO from attempting to access WhatsApp computer systems and those of its parent company, Facebook. It has also asked the court to rule that NSO violated US federal law and California state law against computer fraud, breached their contracts with WhatsApp and "wrongfully trespassed" on Facebook's prope
Thales Cloud Protection & Licensing
OCTOBER 31, 2019
We’ve all watched a horror film and said “why are you doing that?!” as the main characters walk aimlessly down to a basement filled with chain saws or shouted, “are you stupid?!!” as they decide that it’s a good idea to hitchhike alone in the dark. While these fictional horror stories are created simply to frighten the audience, real-world businesses are just as guilty of making naïve decisions when it comes to protecting sensitive data, but with very scary consequences that exist.
Daniel Miessler
OCTOBER 28, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
OCTOBER 31, 2019
Reported cyberattacks against K-12 schools in the US have hit 301 so far in 2019 compared to 124 in 2018 and 218 in 2017, according to a new report from security provider Barracuda Networks.
Schneier on Security
OCTOBER 29, 2019
The Carnegie Endowment for Peace published a comprehensive report on ICT (information and communication technologies) supply-chain security and integrity. It's a good read, but nothing that those who are following this issue don't already know.
Security Affairs
OCTOBER 31, 2019
Roughly 21 million login credentials for Fortune 500 companies are available for sale, in plain text, in multiple forums and black market places in the dark web. More than 21 million login credentials belonging to Fortune 500 companies are available for sale in various places on the dark web. Experts at ImmuniWeb discovered that 21,040,296 login credentials for 500 Fortune companies are offered in plain text on multiple services in the dark web.
WIRED Threat Level
OCTOBER 28, 2019
Fancy Bear has attacked 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
NOVEMBER 1, 2019
Capture the Flag challenge encourages women to pursue cybersecurity careers and connects experts with newcomers
Schneier on Security
NOVEMBER 1, 2019
Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity.
Security Affairs
OCTOBER 26, 2019
asty PHP7 remote code execution bug exploited in the wild. Experts warn of a remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. A remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. On October 22, the security expert Omar Ganiev announced via Twitter the availability of a “freshly patched” remote code execution vulnerability in PHP-FPM , the FastCGI Process Manager
WIRED Threat Level
OCTOBER 29, 2019
Alexa, Siri, and Google Assistant now all give you ways to opt out of human transcription of your voice snippets. Do it.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
OCTOBER 28, 2019
A new report from IntSights details the many ways cybercriminals break into a new generation of highly digitized cars.
Dark Reading
OCTOBER 28, 2019
Security experts say voting by app adds another level of risk, as mobile-voting pilots expand for overseas military and voters with disabilities.
Security Affairs
OCTOBER 31, 2019
Two hackers have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016 and attempted to extort money from the two companies. Brandon Charles Glover and Vasile Mereacre are two hackers that have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016. The defendants have also attempted to extort money from the companies requesting them to pay ‘bug bounties’ to avoid publicly disclose the data breaches.
WIRED Threat Level
OCTOBER 28, 2019
As data hijackers continue to target local governments and hospitals, legislators remain stymied over how best to address the problem.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
OCTOBER 29, 2019
The ServiceNow and Ponemon study found an average 24% increase in cybersecurity spending and a 17% rise in attacks.
Dark Reading
OCTOBER 31, 2019
APT41's new campaign is latest to highlight trend by Chinese threat groups to attack upstream service providers as a way to reach its intended targets, FireEye says.
Security Affairs
NOVEMBER 1, 2019
sPower , a US-based renewable energy provider, was the victim of a cyber attack that disconnected the US power grid operator from its power generation station. sPower , a Utah-based renewable energy provider was hit by a cyber attack, the incident took place in March. This is the first time that a cyber attack hit a renewable energy provider causing the temporary interruption of communications with several solar and wind installations. “These interruptions had no impact to generation and d
Threatpost
NOVEMBER 1, 2019
The Ai.type app was removed from Google Play in June 2019 – but still remains on millions of Android devices and is still available from other Android marketplaces, researchers warn.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
OCTOBER 31, 2019
Locating and blocking unwanted open ports in Linux should be a task every network admin knows how to do.
Dark Reading
OCTOBER 29, 2019
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
Security Affairs
NOVEMBER 1, 2019
One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. This week Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack computers.
Threatpost
OCTOBER 30, 2019
John Scott-Railton with Citizen Lab, who helped WhatsApp investigate the NSO Group over the alleged WhatsApp hack, said the subsequent lawsuit is a "certified big deal.".
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Let's personalize your content