Sat.Jun 09, 2018 - Fri.Jun 15, 2018

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court.

Thomas Dullien on Complexity and Security

Schneier on Security

For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides.

Why big companies ignore SAP security patches, and how that could bite them, big time

The Last Watchdog

Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Finding a coding or design flaw in Windows can point the way to unauthorized access to a treasure trove of company networks that run Windows. The same holds true for probing widely used open source components, as occurred when Heartbleed and Shellshock came to light.

Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

Troy Hunt

Running Have I Been Pwned (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and law enforcement in dealing with these incidents. Last week I had an all new situation arise related to that last point and I want to explain it properly here so it makes sense if someone finds themselves in th

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

World Cup 2018: How to Secure Your Devices When Traveling in Russia

WIRED Threat Level

Russia expects as many as 2 million visitors during the 2018 World Cup, most of whom should take extra precautions against the country's many cyber risks.

Russian Censorship of Telegram

Schneier on Security

Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their business. Today's Internet largely reflects the dominance of a handful of companies behind the cloud services, search engines and mobile platforms that underpin the

Weekly Update 90

Troy Hunt

Wow wow wow! What a week! This video is going out a couple of days late but if ever I had a good excuse for it, this week is the one. Scott and I are in Oslo this week having just flown in from London where we collectively scooped up 3 awards, one each at the European Blogger Awards and the big one (quite literally - the thing weighs several kilos), the SC Award for Best Emerging Technology courtesy of Report URI.

How Microsoft's Windows Red Team Keeps PCs Safe

WIRED Threat Level

Microsoft's Windows red team probes and prods the world's biggest operating system through the eyes of an adversary.

New iPhone OS May Include Device-Unlocking Security

Schneier on Security

iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission: The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory every time the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones.

GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

The Last Watchdog

The variety of laws and regulations governing how organizations manage and share sensitive information can look like a bowl of alphabet soup: HIPAA, GDPR, SOX, PCI and GLBA. A multinational conglomerate, government contractor, or public university must comply with ten or more, which makes demonstrating regulatory compliance seem like a daunting, even impossible, undertaking.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Meet 'Bro': The Best-Kept Secret of Network Security

Dark Reading

This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.

Senators Demand Answers From Amazon on Echo's Snooping Habits

WIRED Threat Level

Jeff Flake and Chris Coons sent Jeff Bezos a letter Thursday with nearly 30 questions about how the company handles user data and privacy.

10 Security Projects CISOs Should Consider: Gartner Analyst

eSecurity Planet

Gartner analyst lists 10 security projects CISOs should consider this year - and 10 they should have already done.

Leopard Spots and Zebra Stripes: Fraud and Behavioral Analytics

Thales Cloud Protection & Licensing

Did you know that every zebra has its own unique stripe pattern? Just like a human fingerprint, every zebra can be identified by its distinctive set of stripes. Luckily, zebras don’t use mobile devices, or manufacturers would be hard at work on stripe recognition technology. But they’d also be working to supplement their stripe recognition and biometrics with behavioral analytics.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

23,000 Compromised in HealthEquity Data Breach

Dark Reading

HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.

Feds Bust Dozens of Nigerian Email Scammers, but Your Inbox Still Isn’t Safe

WIRED Threat Level

The arrest of dozens of alleged Nigerian email scammers and their associates is a small, but important, first step toward tackling an enormous problem.

Pen Testing Toolkit: White Hat Tools to Improve Web Application Penetration Testing

NopSec

Many of our clients at NopSec have mature web application security programs with their own internal white hat penetration testing personnel. Performing penetration testing in coordination with an agile software development team presents unique challenges as the speed of feature development can make thorough testing of the application difficult to achieve.

Leopard Spots and Zebra Stripes: Big Data and Identity Management

Thales Cloud Protection & Licensing

The expression “a leopard cannot change its spots” maintains that it is challenging to alter one’s inherent nature — not only who you are but also what defines you. Your spots, in this case, include your ways, habits, and behaviors. In this age of big data, the concept is fitting, because this kind of information is increasingly being used to identify individuals and even machines.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Modern Cybersecurity Demands a Different Corporate Mindset

Dark Reading

Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.

Alleged Silk Road Adviser Roger Clark Extradited To the US

WIRED Threat Level

Roger Clark allegedly served as Ross Ulbricht's Silk Road consigliere. Friday, the feds announced his extradition from Thailand.

Foscam Issues Patches For Vulnerabilities in IP Cameras

Threatpost

Researchers found three vulnerabilities in Foscam connected security cameras that could enable a bad actor to gain root access knowing only the camera’s IP address.

Container and Kubernetes Security: It's Complicated

eSecurity Planet

While there are a lot of things that containers do to help improve security, there are still some missing pieces.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital

Dark Reading

Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.

Encrypted Messaging Apps Have Limitations You Should Know

WIRED Threat Level

As recent events have shown, using an encrypted messaging app like WhatsApp or Signal is no privacy panacea.

New Banking Trojan Can Launch Overlay Attacks on Latest Android Versions

Threatpost

While other malware families have been searching for new overlay techniques for Android 7 and 8, MysteryBot appears to have found a solution.

Threat Model Thursday: Chromium Post-Spectre

Adam Shostack

Today’s Threat Model Thursday is a look at “ Post-Spectre Threat Model Re-Think ,” from a dozen or so folks at Google. As always, I’m looking at this from a perspective of what can we learn and to encourage dialogue around what makes for a good threat model. What are we working on? From the title, I’d assume Chromium, but there’s a fascinating comment in the introduction that this is wider: “ any software that both (a) runs (native or interpreted) code f

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Blockchain All the Rage But Comes With Numerous Risks

Dark Reading

Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.

How NATO Defends Against the Cyberattacks

WIRED Threat Level

Opinion: The NATO Secretary General explains how the alliance manages the dark side of the web.

June Patch Tuesday: Microsoft Issues Fixes for DNS, Cortana

Threatpost

One of the most serious issues is a critical remote code execution vulnerability in the Windows DNS, which could allow an attacker to take full control of the targeted machine.

Friday Squid Blogging: Cephalopod Week on Science Friday

Schneier on Security

It's Cephalopod Week! "Three hearts, eight arms, can't lose." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.