Schneier on Security
JUNE 14, 2018
For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides.
The Last Watchdog
JUNE 13, 2018
The most profound threat to corporate networks isn’t the latest, greatest malware. It’s carbon-based life forms. Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we’re perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for taking shortcuts when it comes to designing, configuring and using digital systems.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JUNE 11, 2018
Running Have I Been Pwned (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and law enforcement in dealing with these incidents. Last week I had an all new situation arise related to that last point and I want to explain it properly here so it makes sense if someone finds themselves in th
WIRED Threat Level
JUNE 10, 2018
Microsoft's Windows red team probes and prods the world's biggest operating system through the eyes of an adversary.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
JUNE 11, 2018
On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it's a harbinger of the sorts of pervasive threats from nation-states, criminals and hackers that we should expect in coming years. VPNFilter is a sophisticated piece of malware that infects mostly older home and small-office routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link.
The Last Watchdog
JUNE 14, 2018
Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Related article: Triaging open-source exposures. Finding a coding or design flaw on Windows OS can point the way to unauthorized to access to a treasure trove of company networks that use Windows. The same holds true for probing widely used open source protocols, as occurred when Heartbleed and Shellshock came to light.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
WIRED Threat Level
JUNE 9, 2018
Opinion: The NATO Secretary General explains how the alliance manages the dark side of the web.
Schneier on Security
JUNE 13, 2018
Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their business. Today's Internet largely reflects the dominance of a handful of companies behind the cloud services, search engines and mobile platforms that underpin the
The Last Watchdog
JUNE 14, 2018
The variety of laws and regulations governing how organizations manage and share sensitive information can look like a bowl of alphabet soup: HIPAA, GDPR, SOX, PCI and GLBA. A multinational conglomerate, government contractor, or public university must comply with ten or more, which makes demonstrating regulatory compliance seem like a daunting, even impossible, undertaking.
eSecurity Planet
JUNE 12, 2018
Gartner analyst lists 10 security projects CISOs should consider this year - and 10 they should have already done.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
WIRED Threat Level
JUNE 14, 2018
Jeff Flake and Chris Coons sent Jeff Bezos a letter Thursday with nearly 30 questions about how the company handles user data and privacy.
Schneier on Security
JUNE 12, 2018
iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones.
Adam Shostack
JUNE 14, 2018
Today’s Threat Model Thursday is a look at “ Post-Spectre Threat Model Re-Think ,” from a dozen or so folks at Google. As always, I’m looking at this from a perspective of what can we learn and to encourage dialogue around what makes for a good threat model. What are we working on? From the title, I’d assume Chromium, but there’s a fascinating comment in the introduction that this is wider: “ any software that both (a) runs (native or interpreted) code f
Dark Reading
JUNE 14, 2018
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
JUNE 14, 2018
As recent events have shown, using an encrypted messaging app like WhatsApp or Signal is no privacy panacea.
Threatpost
JUNE 12, 2018
Malware can to worm its way onto Macs thanks to a recently discovered code-signing bypass flaw.
Thales Cloud Protection & Licensing
JUNE 14, 2018
Did you know that every zebra has its own unique stripe pattern? Just like a human fingerprint, every zebra can be identified by their distinctive set of stripes. Luckily, zebras don’t use mobile devices, or manufacturers would be hard at work on stripe recognition technology. But they’d also be working to supplement their stripe recognition and biometrics with behavioral analytics.
Dark Reading
JUNE 15, 2018
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
JUNE 14, 2018
Russia expects as many as 2 million visitors during the 2018 World Cup, most of whom should take extra precautions against the country's many cyber risks.
Threatpost
JUNE 15, 2018
While other malware families have been searching for new overlay techniques for Android 7 and 8, MysteryBot appears to have found a solution.
NopSec
JUNE 13, 2018
Many of our clients at NopSec have mature web application security programs with their own internal white hat penetration testing personnel. Performing penetration testing in coordination with an agile software development team presents unique challenges as the speed of feature development can make thorough testing of the application difficult to achieve.
Dark Reading
JUNE 14, 2018
HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
WIRED Threat Level
JUNE 15, 2018
Roger Clark allegedly served as Ross Ulbricht's Silk Road consigliere. Friday, the feds announced his extradition from Thailand.
Threatpost
JUNE 14, 2018
World Cup travelers should leave their mobile phones, laptops and tablets behind.
eSecurity Planet
JUNE 13, 2018
While there are a lot of things that containers do to help improve security, there are still some missing pieces.
Dark Reading
JUNE 13, 2018
We deserve a seat at the executive table, and we'll be much better at our jobs once we take it.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
JUNE 12, 2018
The arrest of dozens of alleged Nigerian email scammers and their associates is a small, but important, first step toward tackling an enormous problem.
Threatpost
JUNE 14, 2018
The move escalates tensions between the phone giant and federal law enforcement when it comes to mobile security.
Thales Cloud Protection & Licensing
JUNE 12, 2018
The expression “a leopard cannot change its spots” maintains that it is challenging to alter ones’ inherent nature — not only who you are but also what defines you. Your spots, in this case, include your ways, habits, and behaviors. In this age of big data, the concept is fitting, because this kind of information is increasingly being used to identify individuals and even machines.
Dark Reading
JUNE 13, 2018
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
232 
Let's personalize your content