The Last Watchdog
JUNE 10, 2019
Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner. Related: The rise of ‘memory attacks’ I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant Huawei.
Schneier on Security
JUNE 12, 2019
How in the world did I not know about this for three years? Researchers at the University of Tokyo have developed a robot that always wins at rock-paper-scissors. It watches the human player's hand, figures out which finger position the human is about to deploy, and reacts quickly enough to always win.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JUNE 14, 2019
Well this was a big one. The simple stuff first - I'm back in Norway running workshops and getting ready for my absolute favourite event of the year, NDC Oslo. I'm also talking about Scott's Hack Yourself First UK Tour where he'll be hitting up Manchester, London and Glasgow with public workshops. Tickets are still available at those and it'll be your last chance for a long time to do that event in the UK.
Adam Levin
JUNE 14, 2019
Online invitation service Evite notified users about a data breach of user data that included names, usernames, email addresses, passwords, and mailing addresses. The company disclosed the breach following the release of the affected data on the dark web. A hacker claimed to have access to 10 million user accounts. “We became aware of a data security incident involving potential unauthorized access to our systems in April 2019.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Shostack
JUNE 13, 2019
I’m happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance. They asked us to look at the value of DNS security, such as when your DNS provider uses threat intel to block malicious sites. It’s surprising how effective it is for a tool that’s so easy to deploy. (Just point to a DNS server like 9.9.9.9).
Schneier on Security
JUNE 14, 2019
The ACLU's Jay Stanley has just published a fantastic report: " The Dawn of Robot Surveillance " (blog post here ) Basically, it lays out a future of ubiquitous video cameras watched by increasingly sophisticated video analytics software, and discusses the potential harms to society. I'm not going to excerpt a piece, because you really need to read the whole thing.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Thales Cloud Protection & Licensing
JUNE 12, 2019
As one of our recent blogs discussed, we are entering a new era of business – one that will see wholesale digital transformation drive a digital-first approach by businesses globally. And as our 2019 Thales Data Threat Report – Europe Edition recently revealed, many of these businesses become extremely vulnerable during digital transformation, with those in Europe being no different.
Security Affairs
JUNE 8, 2019
On June 6, for more than two hours China Telecom re-routed through its infrastructure a large chunk of European mobile traffic. In November security researchers Chris C. Demchak and Yuval Shavitt published a paper that detailed how China Telecom has been misdirecting Internet traffic through China over the past years. The experts speculate that they were intentional BGP Hijacking attacks.
Schneier on Security
JUNE 10, 2019
Interesting story of an old-school remote-deposit capture fraud scam, wrapped up in a fake employment scam. Slashdot thread.
Dark Reading
JUNE 13, 2019
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Thales Cloud Protection & Licensing
JUNE 10, 2019
Virtually every major enterprise is moving to a cloud or multi-cloud environment as part of their digital transformation. In fact, according to our 2019 Thales Data Threat Report-Global Edition , 71% of respondents are using sensitive data in the cloud. This sensitive data as well as workloads in the cloud must be protected for compliance and security purposes.
Security Affairs
JUNE 13, 2019
Encrypted messaging service Telegram was hit by a major DDoS attack apparently originated from China, likely linked to the ongoing political unrest in Hong Kong. Telegram was used by protesters in Hong Kong to evade surveillance and coordinate their demonstrations against China that would allow extraditions from the country to the mainland. The country is facing the worst political crisis ùsince its 1997 handover from Britain to China.
Schneier on Security
JUNE 11, 2019
Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks.
Dark Reading
JUNE 14, 2019
Researchers at the Workshop on the Economics of Information Security highlight the cost savings of sharing cybersecurity data and push for greater access to information on breaches, attacks, and incidents.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
WIRED Threat Level
JUNE 14, 2019
The same hackers behind a potentially lethal 2017 oil refinery cyberattack are now sniffing at US electrical utility targets.
Security Affairs
JUNE 8, 2019
A security researcher found new evidence of activities conducted by the ICEFOG APT group, also tracked by the experts as Fucobha. Chi-en (Ashley) Shen, a senior security researcher at FireEye, collected evidence that demonstrates that China-linked APT group ICEFOG (aka Fucobha ) is still active. Slides from my talk presented today at @CONFidenceConf – Into the Fog – The Return of ICEFOG APT.
Schneier on Security
JUNE 14, 2019
This is a current list of where and when I am scheduled to speak: I'm speaking on " Securing a World of Physically Capable Computers " at Oxford University on Monday, June 17, 2019. The list is maintained on this page.
Dark Reading
JUNE 12, 2019
Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Threatpost
JUNE 14, 2019
Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers.
Security Affairs
JUNE 9, 2019
Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. The vulnerability affects older Opteva model ATMs , Diebold Nixdorf will start notifying the customers next week.
Schneier on Security
JUNE 13, 2019
Citizen Lab just published an excellent report on the stalkerware industry.
Dark Reading
JUNE 14, 2019
No organization can prioritize and mitigate hundreds of risks effectively. The secret lies in carefully filtering out the risks, policies, and processes that waste precious time and resources.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
WIRED Threat Level
JUNE 12, 2019
In a controversial move, the Alphabet-owned tech firm played both sides of an online argument in Russia with the aim of testing disinformation-for-hire services.
Security Affairs
JUNE 9, 2019
Millions of Exim mail servers are exposed to attacks due to a critical vulnerability that makes it possible for unauthenticated remote attackers to execute arbitrary commands. A critical vulnerability affects versions 4.87 to 4.91 of the Exim mail transfer agent (MTA) software. The flaw could be exploited by unauthenticated remote attackers to execute arbitrary commands on mail servers for some non-default server configurations.
Threatpost
JUNE 14, 2019
ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.
Dark Reading
JUNE 10, 2019
A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
WIRED Threat Level
JUNE 14, 2019
In a strangely public product announcement, the phone-cracking firm revealed a powerful new device.
Security Affairs
JUNE 14, 2019
Experts at Dragos firm reported that Xenotime threat actor behind the 2017 Trisis/Triton malware attack is targeting electric utilities in the US and APAC. Xenotime threat actor is considered responsible for the 2017 Trisis/ Triton malware attack that hit oil and gas organizations. In December 2017, the Triton malware (aka Trisis) was discovered by researchers at FireEye, it was specifically designed to target industrial control systems (ICS) system.
Threatpost
JUNE 10, 2019
The flaw affected all versions of Microsoft Office, Microsoft Windows and architecture types dating back to 2000, and was patched in November 2017.
Dark Reading
JUNE 11, 2019
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
197 
Let's personalize your content