Sat.Jun 23, 2018 - Fri.Jun 29, 2018


IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data.


How to Avoid Card Skimmers at the Pump

Krebs on Security

Previous stories here on the proliferation of card-skimming devices hidden inside fuel pumps have offered a multitude of security tips for readers looking to minimize their chances of becoming the next victim, such as favoring filling stations that use security cameras and tamper-evident tape on their pumps. But according to police in San Antonio, Texas, there are far more reliable ways to avoid getting skimmed at a fuel station.

HTTPS Is Easy!

Troy Hunt

HTTPS is easy! In fact, it's so easy I decided to create 4 short videos around 5 minutes each to show people how to enable HTTPS on their site and get all traffic redirecting securely, optimise their HTTPS configuration to get it rating higher than most banks, fix any insecure references in a few clicks and finally, secure all the traffic all the way back to their website.

article thumbnail

Exactis Knows Everything about You and They Just Got Breached

Adam Levin

If the reports are accurate, a Florida-based marketing and data company exposed sensitive personal data belonging to 340 million records. The gravity of the situation is yet to be confirmed or even discussed by Exactis, but the leak is estimated to include 230 million consumers and 110 million businesses. If confirmed, this breach involves basically everyone in the United States.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Manipulative Social Media Practices

Schneier on Security

The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy. From the executive summary: Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.

Plant Your Flag, Mark Your Territory

Krebs on Security

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked.

More Trending

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. Most individuals today are nonplussed when required, under certain circumstances, to retrieve a one-time passcode, pushed out in a text message to their smartphone, and then typing the passcode to gain access to a privileged account.

Conservation of Threat

Schneier on Security

Here's some interesting research about how we perceive threats. Basically, as the environment becomes safer we basically manufacture new threats. From an essay about the research: To study how concepts change when they become less common, we brought volunteers into our laboratory and gave them a simple task -- to look at a series of computer-generated faces and decide which ones seem "threatening."

Facebook accidentally leaks app data

Adam Levin

If Facebook’s ongoing privacy woes become any more regular, clocks may soon become obsolete. This week’s (first?) news about the increasingly leak-prone company (or increasingly transparent company when it comes to leaks?) has to do with an accident. Scratch that. What do you call an ongoing accident? Perhaps the correct answer, is Facebook. The company has been accidentally sending data from apps that run on their platform to testers (people who use beta versions of the apps to identify bugs),

Continuum Interview

Adam Shostack

Continuum has released a video of me and Stuart Winter-Tear in conversation at the Open Security Summit: “At the recent Open Security Summit we had the great pleasure of interviewing Adam Shostack about his keynote presentation “A seat at the table” and the challenge of getting security involved in product and application design. We covered numerous topics from the benefits brought to business by threat modeling to pooping unicorns.”

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The New Satellite Arms Race Threatening to Explode in Space

WIRED Threat Level

Trump’s call for a “Space Force” escalates a quiet, dangerous contest between the US, China, and Russia—one whose consequences no one really understands.

Bypassing Passcodes in iOS

Schneier on Security

Last week, a story was going around explaining how to brute-force an iOS password. Basically, the trick was to plug the phone into an external keyboard and try every PIN at once: We reported Friday on Hickey's findings, which claimed to be able to send all combinations of a user's possible passcode in one go, by enumerating each code from 0000 to 9999, and concatenating the results in one string with no spaces.

Why the Ticketmaster UK Breach Could Happen to Your Organization

Adam Levin

Event ticketing giant Ticketmaster UK experienced an ongoing data breach affecting 40,000 people over the last several months, many of whom have since fallen victim to scams. The breach was disclosed by the company on June 23, and included a full range of customer information, including names, addresses, phone numbers, payment data, logins and passwords.

Carpenter!

Adam Shostack

The decision in Carpenter v. United States is an unusually positive one for privacy. The Supreme Court ruled that the government generally can’t access historical cell-site location records without a warrant. (SCOTUS Blog links to court documents.) The court put limits on the “third party” doctrine, and it will be fascinating to see how those limits play out.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records

WIRED Threat Level

The leak may include data on hundreds of millions of Americans, with hundreds of details for each, from demographics to personal interests.

Secure Speculative Execution

Schneier on Security

We're starting to see research into designing speculative execution systems that avoid Spectre- and Meltdown-like security problems. Here's one. I don't know if this particular design is secure. My guess is that we're going to see several iterations of design and attack before we settle on something that works. But it's good to see the research results emerge.

Millions of Smartphones Hosting Hacker Bots

Adam Levin

Hackers may be in your phone right now (or your tablet). Think it’s not possible because your connected device is performing well? Think again. These hacks are discreet, using your device’s computing power to commit crimes. In a study commissioned by Distil Networks entitled “ Mobile Bots: The Next Evolution of Bad Bots ” it was determined that as many as 5.8 percent of all mobile devices worldwide have been infected with bots, a kind of malware that parasitically uses the computing power of its

How to Stop DDoS Attacks: 6 Tips for Fighting DDoS Attacks

eSecurity Planet

Stopping a DDoS attack quickly is critical for the survival of your business. Here are six ways you can stop a DDoS attack.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

The Digital Privacy Wins Keep Coming

WIRED Threat Level

From *Carpenter v. United States* to a landmark bill in California, privacy advocates sense a shift in what people will accept from Facebook, mobile carriers, and more.

WPA3 Brings New Authentication and Encryption to Wi-Fi

Dark Reading

The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.

South Carolina’s Insurance Cybersecurity Law Takes Effect in 2019

Adam Levin

South Carolina became the first state to pass a law requiring all insurance entities to create and maintain a cybersecurity and data breach response program. Among the law’s provisions is a requirement to notify the state government within 72 hours in the event of a breach or cybersecurity event affecting 250 or more people, the protection of policyholders’ personally identifiable information, and an annual statement detailing their breach response plan.

Enterprise SaaS – and threats to your data

Thales Cloud Protection & Licensing

Results from the 2018 Thales Data Threat Report. *Source – Dataset for 2018 Thales Data Threat Report. High SaaS usage – and with Sensitive Data. In the 2018 Thales Data Threat Report , one fact that came through very clearly is that SaaS usage by enterprises is high, and so is their use of SaaS with sensitive data. This sensitive data use in SaaS environments today is a real problem.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

WPA3 Wi-Fi Security Will Save You From Yourself

WIRED Threat Level

With better password security and idiot-proof IoT connections, WPA3 will make your internet experience much, much safer.

Securing Serverless Apps: 3 Critical Tasks in 3 Days

Dark Reading

Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.

How to Prevent DDoS Attacks: 6 Tips to Keep Your Website Safe

eSecurity Planet

A DDoS attack can be costly for your business, so it's best not to give the bad guys a chance. Here are 6 ways you can prevent DDoS attacks.

Five Predictions for GDPR

Thales Cloud Protection & Licensing

#1 Over half of companies are still not ready for GDPR. To be honest, this number might even be higher. Anecdotal evidence from technology industry analysts and surveys of business leaders support this estimate too. I wouldn’t be surprised if a fair percentage of those who believe that they comply are actually not there yet, but are somewhere on the road to becoming compliant.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

California Unanimously Passes Historic Privacy Bill

WIRED Threat Level

The law will give Californians more control over the data that companies collect on them than ever before.

'Have I Been Pwned' Now Built into Firefox, 1Password

Dark Reading

Users can search breach data in a new tool called Firefox Monitor and check if passwords have been exposed in 1Password on the Web.

Rowhammer Variant ‘RAMpage’ Targets Android Devices All Over Again

Threatpost

The attack allows malicious applications to break out of their sandbox and access the entire operating system, giving an adversary complete control of the targeted device.

What Metrics Should Enterprises Focus On to Improve Cybersecurity?

eSecurity Planet

VIDEO: Dmitri Alperovitch, co-founder and CTO of CrowdStrike, says simply focusing on malware prevention isn't enough for modern cybersecurity.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.