Sat.May 19, 2018 - Fri.May 25, 2018

Another Spectre-Like CPU Vulnerability

Schneier on Security

Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not surprised. Writing about Spectre and Meltdown in January, I predicted that we'll be seeing a lot more of these sorts of vulnerabilities.

New Pluralsight Course: Bug Bounties for Companies

Troy Hunt

Try publishing something to the internet - anything - and see how long it takes before something nasty is probing away at it. Brand new website, new domain and it's mere hours (if not minutes) before requests for wp-admin are in the logs. Yes, I know it's not a WordPress site but that doesn't matter, the bots don't care. But that's just indiscriminate scanning, nothing personal; how about deliberate and concerted attacks more specifically designed to get into your things?

Stealthy, Destructive Malware Infects Half a Million Routers

WIRED Threat Level

Cisco researchers discover a new router malware outbreak that might also be the next cyberwar attack in Ukraine.

Most Expensive Data Breaches Start with Third Parties: Report

Dark Reading

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Japan's Directorate for Signals Intelligence

Schneier on Security

The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work - even the location of its headquarters.

Weekly Update 88

Troy Hunt

Well it's all quietened down here with Scott gone so it's back to business as usual, which means, well, it's not very quiet at all! I've been in Sydney this week talking at one of our big banks and as I say in this week's update, getting out there amongst companies dealing with their unique cyber challenges is always interesting: #cyber pic.twitter.com/CIMDhPfKIP — Troy Hunt (@troyhunt) May 23, 2018.

John Grimm, Senior Director of IoT Security Strategy, speaks to the CyberWire Podcast

Thales Cloud Protection & Licensing

John Grimm, Thales eSecurity’s Senior Director of IoT Security Strategy, recently spoke with CyberWire’s Dave Bittner about key findings and trends from Thales eSecurity’s 2018 Global Encryption Trends Study. The CyberWire is a free, community-driven cybersecurity news service based in Baltimore. A sampling of John’s comments: The lynchpin of any good encryption system is how well you protect the key.

Detecting Lies through Mouse Movements

Schneier on Security

Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merylin Monaro, Luciano Gamberini, and Giuseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they require prior knowledge of the respondent's true identity.

GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?

Dark Reading

The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.

How the LAPD Uses Data to Predict Crime

WIRED Threat Level

The Los Angeles Police Department is using "predictive policing" to prevent crime, but this innovative approach has its problems.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Attackers Cashing In On Cryptocurrency With Increased Scams

Threatpost

As the popularity around cryptocurrency has continued to rise in 2018, it has also paved an easy path for cash-hungry scammers to launch “cryptocurrency giveaway scams.”

Security and Human Behavior (SHB 2018)

Schneier on Security

I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and

Google to Delete 'Secure' Label from HTTPS Sites

Dark Reading

Google acknowledges HTTPS as the Internet standard with plans to remove 'secure' from all HTTPS sites.

A Location-Sharing Disaster Shows How Exposed You Really Are

WIRED Threat Level

The failures of Securus and LocationSmart to secure location data are the failures of an entire industry.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Highlights from Cloud Expo Asia Hong Kong 2018

Thales Cloud Protection & Licensing

The rules of risk taking. What kind of person are you? Are you a risk taker or someone who likes to play it safe? Is your organization one that takes risk, or is it risk averse? Let’s take digital transformation, for example. Most organizations want to embrace it, but feel constricted due to data privacy concerns and compliance regulations. However, companies that can’t or won’t find a path forward run the risk (pun intended!

Font Steganography

Schneier on Security

Interesting research in steganography at the font level.

Las Vegas Most Insecure Cyber City in US; St. Louis Least Vulnerable

Dark Reading

Forty-three percent chance of users connecting to high or medium-risk networks in Las Vegas - compared to less than 1% risk in least vulnerable areas, Coronet says.

‘Significant’ FBI Error Reignites Data Encryption Debate

WIRED Threat Level

FBI stats about inaccessible cellphones were inflated, undermining already controversial bureau claims about the threat of encryption.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Intel Responds to Spectre-Like Flaw In CPUs

Threatpost

Intel on Monday acknowledged that its processors are vulnerable to another Spectre-like speculative execution side channel flaw that could allow attackers to access information.

Supermarket Shoplifting

Schneier on Security

The rise of self-checkout has caused a corresponding rise in shoplifting.

Android Malware Comes Baked into Some New Tablets, Phones

Dark Reading

Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.

After Meltdown and Spectre, Another Scary Chip Flaw Emerges

WIRED Threat Level

A new processor vulnerability known as Speculative Store Bypass could expose user data on a huge swath of devices.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Amazon Comes Under Fire for Facial Recognition Platform

Threatpost

Privacy advocates say facial recognition can be an agent of authoritarian surveillance; others say it's an invaluable tool to combat kidnapping, locate lost children and track down criminals on the run.

GDPR Will Change Security and Privacy Everywhere

eSecurity Planet

As Microsoft demonstrated this week, companies will find that having separate data protection and privacy policies for non-EU customers won't work.

Wicked Mirai Brings New Exploits to IoT Botnets

Dark Reading

The latest variant of the venerable Mirai botnet malware combines approaches and brings new exploits to the world of IoT security challenges.

Facebook Is Beefing Up Its Two-Factor Authentication

WIRED Threat Level

The update, now available to most users, comes several months after Facebook was criticized for spamming users' two-factor authentication phone numbers.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

Threatpost

The new hardware-based protections Intel announced earlier in March it was embedding into new chips will only protect against Spectre and Meltdown – but not the newly disclosed Variant 4, sources said.

How to Stop Advanced Persistent Threats

eSecurity Planet

The security professional's guide to advanced persistent threats and how to stop and prevent them.

What Should Post-Quantum Cryptography Look Like?

Dark Reading

Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.

You Can Send Invisible Messages With Subtle Font Tweaks

WIRED Threat Level

Researchers have developed a new technique called FontCode that hides secrets in plain sight.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.