Schneier on Security
SEPTEMBER 30, 2019
The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem which is increasingly a national security issue will require us to both make major policy changes and invent new technologies.
Adam Levin
OCTOBER 2, 2019
The hacker allegedly behind the Collection #1 and Collection #2 data breaches has claimed responsibility for the compromise of more than 200 million users of a popular iOS and Android gaming app. Online cybersecurity site the Hacker News reported earlier this week that Pakistani hacker Gnosticplayers had gained access to the player database of Zynga’s Scrabble clone called Words with Friends, and the personal information of 218 million users.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
SEPTEMBER 29, 2019
It's been a bit of intense country-hopping since the last update so this one is a consolidated "this week in tweets" version. I actually found it kind of interesting going back through the noteworthy incidents of the week in lieu of having original content of my own, see what you think. Given the coming schedule (and a deep, deep desire for a few days of downtime), the next one might be more of the same so I hope it resonates!
Tech Republic Security
OCTOBER 3, 2019
Whether intentionally or unintentionally, employees can pose a significant security risk to company data, according to a new report from data protection firm Code42.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
OCTOBER 1, 2019
Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The first is that the unprecedented scale and pace of technological change will outstrip our ability to effectively adapt to it.
The Last Watchdog
SEPTEMBER 30, 2019
Homomorphic encryption has long been something of a Holy Grail in cryptography. Related: Post-quantum cryptography on the horizon For decades, some of our smartest mathematicians and computer scientists have struggled to derive a third way to keep data encrypted — not just the two classical ways, at rest and in transit. The truly astounding feat, aka homomorphic encryption, would be to keep data encrypted while it is being actively used by an application to run computations.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
OCTOBER 1, 2019
Ransomware continues to present a real cybersecurity threat. Tom Merritt offers five ways you can prevent it from affecting your business.
Schneier on Security
OCTOBER 3, 2019
In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.]. This dataset contains products such as home routers, enterprise equipment, smart cameras, security devices, and more.
The Last Watchdog
OCTOBER 4, 2019
It’s clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small- to medium-sized businesses (SMBs) and small- to medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data. Related: The case for automated threat feeds analysis Dallas-based Critical Start is making some hay in this space — by striving to extend the roles traditionally played by MSSPs.
Adam Shostack
OCTOBER 2, 2019
Podcast with me by OWASP’s Portland, Oregon Chapter in advance of me speaking at their meeting October 9. You can listen here.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
OCTOBER 1, 2019
A cybersecurity expert with the US Navy believes military personnel understand operational risk and should be appointed to corporate boards.
Schneier on Security
OCTOBER 4, 2019
In 1999, I invented the Solitaire encryption algorithm , designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon , and I even wrote an afterward to the book describing the cipher. I don't talk about it much, mostly because I made a dumb mistake that resulted in the algorithm not being reversible.
The Last Watchdog
OCTOBER 3, 2019
Trends in fashion and entertainment come and go. The same holds true for the cyber underground. Related: Leveraging botnets to scale attacks For a long while now, criminal hackers have relied on leveraging low-cost botnet services to blast out cyber attacks as far and wide as they could, indiscriminately. Over the past 18 months or so, a fresh trend has come into vogue.
Thales Cloud Protection & Licensing
OCTOBER 3, 2019
Digital criminals won’t stop targeting the Middle East. I’ve seen numerous attack campaigns targeting this region come to the surface in 2019 alone. Back in April, I remember FireEye discovered that bad actors behind the TRITON custom attack framework had infiltrated a second critical infrastructure organization. That’s less than two years after the company spotted the first TRITON attack where malefactors used TRITON to disrupt a critical infrastructure organization in the Middle East.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Tech Republic Security
OCTOBER 1, 2019
IT security budgets now average $18.9 million, up from $8.9 million, with savings credited to internal cybersecurity, according to new Kaspersky report.
Schneier on Security
OCTOBER 4, 2019
Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers.
WIRED Threat Level
OCTOBER 1, 2019
Nearly two decades ago, a company called Interpeak created a network protocol that became an industry standard. It also had severe bugs that are only now coming to light.
Security Affairs
OCTOBER 1, 2019
Iran ’s Passive Defense Organization chief Gholamreza Jalali declared that the US government has started its cyber war against the country. Gholamreza Jalali , Iran’s Passive Defense Organization chief, announced that that “America has started its cyber war against Iran, without providing more details. The news was reported by the ISNA news website on October 1, Jalali also added that Iran “ decisively will resort to cyber defense.”.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
OCTOBER 3, 2019
Black Hat's Network Operations team members discuss looking for the "bad within the bad." Also, RSA's CTO talks about managing risks to prevent an individual problem from becoming a societal problem.
Dark Reading
SEPTEMBER 28, 2019
Is it rude to ask someone to shut off their Alexa? Ask the family who's written the book on etiquette for nearly 100 years -- the descendants of Emily Post herself.
Daniel Miessler
SEPTEMBER 29, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Security Affairs
SEPTEMBER 28, 2019
Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack , that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. A couple of weeks ago, cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromi
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Tech Republic Security
OCTOBER 2, 2019
Celebrate Cybersecurity Awareness Month by turning on two-factor authentication and replacing your "fido123" password.
Dark Reading
OCTOBER 4, 2019
Microsoft detected the so-called Phosphorus nation-state gang attacking 241 user accounts associated with a US presidential campaign, current and former US government officials, journalists, others.
Lenny Zeltser
OCTOBER 4, 2019
Want to strengthen your writing in under an hour? Watch the video I recorded to help you avoid the top 10 writing mistakes I’ve encountered when working as a cybersecurity professional. The mistakes you’ll see in this video—and the practical tips for avoiding them—span the key aspects of technical writing: Structure Look Words Tone Information.
Security Affairs
OCTOBER 3, 2019
The Ukrainian police dismantled a bot farm involved in spam campaigns carried out through various services, including email and social networks. Cybercrime is a prolific business, criminal organizations continues to make profits with illegal activities in the cyberspace, but police are ready to contrast them. Cyber experts at the Ukrainian police dismantled a bot farm involved in spam campaigns carried out through various services, including email and social networks. “Cyber ??
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
SEPTEMBER 30, 2019
Watch out for suspicious Google Calendar invites and learn how to prevent them from making their way to your calendar.
Dark Reading
SEPTEMBER 30, 2019
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
Threatpost
OCTOBER 3, 2019
A double-free bug could allow an attacker to achieve remote code execution; users are encouraged to update to a patched version of the messaging app.
Security Affairs
SEPTEMBER 29, 2019
Hackers have stolen more than 218 million records from the popular ‘ Words With Friends’ developed by the mobile social game company Zynga Inc. Do you remember Gnosticplayers ? The popular hacker Gnosticplayers that between February and April disclosed the existence of some massive unreported data breaches in five rounds. He offered for sale almost a billion user records stolen from nearly 45 popular online services.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
221 
Let's personalize your content