Sat. Jan 06, 2018 - Fri. Jan 12, 2018

Yet Another FBI Proposal for Insecure Communications

Schneier on Security

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we call "Going Dark." Technology increasingly frustrates traditional law enforcement efforts to collect evidence needed to protect public safety and solve crime.

Weekly Update 69 (Boat Edition)

Troy Hunt

It's my last day in the sun. Well, at least it's my last day in the sun for a couple of weeks so today I've gone to the sunniest place I know. It's "the boat edition" of my weekly update and I apologise up front for the rocking motion, the occasional wind noise (I lost the fluffy bit off my smartLav mic) and the gratuitous amount of sunshine and beach.

How Meltdown and Spectre Were Independently Discovered By Four Research Teams At Once

WIRED Threat Level

The uncanny coincidences among the Meltdown and Spectre discoveries raise questions about "bug collisions"—and the safety of the NSA's hidden vulnerability collection.

Profile of the Month: Cindy Provin, Chief Executive Officer

Thales Cloud Protection & Licensing

Cindy Provin is a 20-year veteran at Thales. This month, she became the CEO for Thales eSecurity. Previously, she served as the President for Thales eSecurity Americas, and Chief Strategy & Marketing Officer for Thales eSecurity. In her new role as CEO, Cindy will be responsible for leading a world-class organization and delivering a portfolio of security solutions to protect data wherever it is created, shared or stored.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

NSA Morale

Schneier on Security

The Washington Post is reporting that poor morale at the NSA is causing a significant talent shortage. A November New York Times article said much the same thing. The articles point to many factors: the recent reorganization, low pay, and the various leaks. I have been saying for a while that the Shadow Brokers leaks have been much more damaging to the NSA -- both to morale and operating capabilities -- than Edward Snowden.

AI in Cybersecurity: Where We Stand & Where We Need to Go

Dark Reading

How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.

Security Beyond The Perimeter

Andrew Hay

Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on their host security. Unfortunately, inadequately architected security controls that rely solely on broad network-based protection can make the migration of an organization’s systems to private, public, and hy

Susan Landau's New Book: Listening In

Schneier on Security

Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It's based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to -- and can -- adjust to the new realities.

New Cryptocurrency Mining Malware Has Links to North Korea

Dark Reading

A malware tool for stealthily installing software that mines the Monero virtual currency looks like the handiwork of North Korean threat actors, AlienVault says.

How the Government Hides Secret Surveillance Programs

WIRED Threat Level

A new report from Human Rights Watch sheds light on a troubling law enforcement practice called “parallel construction.”

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

FBI Director Calls Smartphone Encryption an ‘Urgent Public Safety Issue’

Threatpost

The debate over the government's authority to access private encrypted data on digital devices was amplified when the Federal Bureau of Investigation Director Christopher Wray called unbreakable encryption an 'urgent public safety issue.'

Daniel Miessler on My Writings about IoT Security

Schneier on Security

Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything is doom and gloom. I absolutely respect Bruce Schneier a lot for what he's contributed to InfoSec, which makes me that much more disappointed with this kind of position from him.

How to Attract More Women Into Cybersecurity - Now

Dark Reading

A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession - the dots just need to be connected.

Congress Renews FISA Warrantless Surveillance Bill For Six More Years

WIRED Threat Level

The House of Representatives Thursday strengthened spying powers authorized under Section 702 of the 2008 FISA Amendments Act.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Kali on the Windows Subsystem for Linux

Kali Linux

Update: This post is outdated. For a better way of getting Kali Linux on Windows 10, install Kali Linux from the App store. We’re always on the prowl for novel environments to run Kali on, and with the introduction of the Windows Subsystem for Linux (WSL) in Windows 10, new and exciting possibilities have surfaced. After all, if the WSL can support Ubuntu, it shouldn’t be too hard to incorporate another Debian-like distribution, right?

Fingerprinting Digital Documents

Schneier on Security

In this era of electronic leakers, remember that zero-width spaces and homoglyph substitution can fingerprint individual instances of files.

Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3

Dark Reading

WPA2 protocol enhancements bring stronger security protection and best practices, while new WPA3 protocol offers new security capabilities.

WhatsApp Encryption Security Flaws Could Allow Snoops to Slide Into Group Chats

WIRED Threat Level

German researchers say that a flaw in the app's group-chat feature undermines its end-to-end encryption promises.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How to Comply with GDPR

eSecurity Planet

IT experts share some of their tips on updating IT systems and business processes to comply with the EU's strict new data privacy regulations.

Cybersecurity and the 2017 US National Security Strategy

Schneier on Security

Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan.

CISOs' No. 1 Concern in 2018: The Talent Gap

Dark Reading

Survey finds 'lack of competent in-house staff' outranks all other forms of cybersecurity worry, from data breaches to ransomware attacks.

Tech Companies Are Complicit in Censoring Iran Protests

WIRED Threat Level

Opinion: Google, Twitter, and Signal should take steps to ensure their tools aren’t restricting Iranians’ free speech.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Intel AMT Loophole Allows Hackers to Gain Control of Some PCs in Under a Minute

Threatpost

Researchers say an unprotected Management Engine BIOS Extension can allow an attacker to configure Intel’s AMT feature for remote access.

Tourist Scams

Schneier on Security

A comprehensive list. Most are old and obvious, but there are some clever variants.

Privacy: The Dark Side of the Internet of Things

Dark Reading

Before letting an IoT device into your business or home, consider what data is being collected and where it is going.

Meltdown and Spectre Vulnerability Fixes Have Started, But Don't Solve Everything

WIRED Threat Level

Meltdown and Spectre Fixes Arrive—But Don't Solve Everything.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Anti-Virus Updates Required Ahead of Microsoft’s Meltdown, Spectre Patches

Threatpost

Microsoft is pausing the rollout of Windows Meltdown and Spectre patches until hosted anti-virus software vendors confirm no unsupported Windows kernel calls via the addition of a registry key on PCs.

XKCD's Smartphone Security System

Schneier on Security

Funny.

Microsoft: How the Threat Landscape Will Shift This Year

Dark Reading

Exclusive interview with Windows Security lead on how 2017 was a "return to retro" security threats and 2018 will bring increasingly targeted, advanced, and dangerous cyberattacks.

A Clever Radio Trick Can Tell If a Drone Is Watching You

WIRED Threat Level

A quirk of video compression lets spy targets see what the drone watching them sees.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.