Schneier on Security
AUGUST 27, 2018
A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling. It doesn't just map cyber onto today's tactics, but completely re-imagines future tactics that include a cyber component (quote starts on page 110). The U.S. secretary of defense had wondered this past week when the other shoe would drop.
The Last Watchdog
AUGUST 27, 2018
Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
AUGUST 28, 2018
I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows. Since that time, another big name has come on board too : I love that a service I use every day has taken something I've built and is doing awesome things with it!
Adam Levin
AUGUST 27, 2018
Wireless company T-Mobile suffered a data breach affecting more than 2 million of its 77 million customers. The breach resulted in the compromise of names, phone numbers, email addresses, as well as general account information, but not, according to the company, financial information. T-Mobile’s cybersecurity team identified the breach on August 20th, and took steps to stop the “unauthorized data leak,” before alerting affected customers via text within days of the event.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
AUGUST 29, 2018
Interesting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected -- and there would be no way to trace the communication back to
Krebs on Security
AUGUST 25, 2018
The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it’s likely that additional spammers and scammers piled on with their own versions of the phishing email after noticing that some recipients were actually paying up.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Levin
AUGUST 31, 2018
Air Canada is advising customers to reset their passwords on their mobile application after detecting a potential data breach of customer records. In a notice, Air Canada says that a data breach it discovered last week impacted 20,000 profiles. However, the airline operator is urging all 1.7 million users to reset their passwords. “We detected unusual login behavior with Air Canada’s mobile App between Aug. 22-24, 2018.
Schneier on Security
AUGUST 31, 2018
On Thursday, September 6, starting at 10:00 am CDT, I'll be doing a Reddit " Ask Me Anything " in association with the Ford Foundation. It's about my new book , but -- of course -- you can ask me anything. No promises that I will answer everything.
Dark Reading
AUGUST 29, 2018
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
Security Affairs
AUGUST 29, 2018
Cyberstalking is one of the most overlooked crimes. This is exactly why it is among the fastest growing crimes in the world. Learn all there is about cyberstalking here. The internet has been a blessing since its inception. The very concept of globalization has come into existence just because of the internet. The world that was previously unconnected soon became a global village with different cultures and traditions linking together via the information highway.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Threatpost
AUGUST 27, 2018
Botnets fused with artificial intelligence are decentralized and self-organized systems, capable of working together toward a common goal – attacking networks.
Schneier on Security
AUGUST 30, 2018
I've previously written about people cheating in marathon racing by driving -- or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race: The essence of the plan involved training the pigeons to believe they had two homes. The birds had been secretly raised not just in Shanghai but also in Shangqiu.
WIRED Threat Level
AUGUST 25, 2018
Your phone number was never meant to be your identity. Now that it effectively is, we're all at risk.
Security Affairs
AUGUST 27, 2018
A group of researchers has conducted an interesting study on AT commands attacks on modern Android devices discovering that models of 11 vendors are at risk. A group of researchers from the University of Florida, Stony Brook University, and Samsung Research America, has conducted an interesting research on the set of AT commands that are currently supported on modern Android devices.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Threatpost
AUGUST 31, 2018
The Magecart group is likely behind the most prolific card-stealing operation seen in the wild to date.
Schneier on Security
AUGUST 31, 2018
This is a current list of where and when I am scheduled to speak: I'm giving a book talk on Click Here to Kill Everybody at the Ford Foundation in New York City, on September 5, 2018. The Aspen Institute's Cybersecurity & Technology Program is holding a book launch for Click Here to Kill Everybody on September 10, 2018 in Washington, DC. I'm speaking about my book Click Here to Kill Everybody: Security and Survival in a Hyper-connected World at the Harvard Book Store in Cambridge, Massachuse
WIRED Threat Level
AUGUST 29, 2018
So-called Attention commands date back to the 80s, but they can enable some very modern-day smartphone hacks.
Security Affairs
AUGUST 26, 2018
A team of security experts has devised a rogue USB charging cable named USBHarpoon that can be used to compromise a computer in just a few seconds. The team was composed of Olaf Tan and Dennis Goh of RFID Research Group , Vincent Yiu of SYON Security , and the popular Kevin Mitnick. The USBHarpoon takes inspiration on the BadUSB project built by researchers at Security Research Labs lead by Karsten Nohl.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Thales Cloud Protection & Licensing
AUGUST 28, 2018
This year, DefCon’s theme was 1983, intending to represent the choices a society may face on the eve of full authoritarian control. We attended the show with our colleague Paul Cleary and sat in on many talks (and demos) ranging from attacking IoT devices over insecure Bluetooth connections, to exploiting publically available expired certificates. There were many security issues present in corporate AD implementations, and hacking commonly-used voting machines was discussed.
Schneier on Security
AUGUST 31, 2018
Yet another way of eavesdropping on someone's computer activity: using the webcam microphone to "listen" to the computer's screen.
Dark Reading
AUGUST 27, 2018
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
Security Affairs
AUGUST 25, 2018
Chinese-owned telecommunications firm Huawei has been banned from Australia’s 5G network due to security concerns. The Australian government considers risky the involvement of Huawei for the rolling out of next-generation 5G communication networks. Huawei Australia defined the decision disappointing. We have been informed by the Govt that Huawei & ZTE have been banned from providing 5G technology to Australia.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Threatpost
AUGUST 31, 2018
Unlike its browser competitors, Firefox will soon start blocking tracking cookies by default in the name of consumer privacy.
Schneier on Security
AUGUST 28, 2018
Andy Greenberg wrote a fascinating account of the Russian NotPetya worm, with an emphasis on its effects on the company Maersk. BoingBoing post.
Dark Reading
AUGUST 28, 2018
Some key security vendors - including Microsoft, Google, Cloudflare - are offering pro bono services and tools for election jurisdictions and campaigns this election season. But will it help?
Security Affairs
AUGUST 28, 2018
A security researcher has publicly disclosed the details of zero-day privilege escalation vulnerability affecting all Microsoft’s Windows operating systems. A security researcher who handles the Twitter account @SandboxEscaper has disclosed the details of zero-day privilege escalation vulnerability affecting Microsoft’s Windows operating systems that could be exploited by a local attacker or malicious program to obtain system privileges on the vulnerable system.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Threatpost
AUGUST 27, 2018
The contents of the user’s screen can be gleaned through video or VoIP calls, or voice-operated virtual assistants, like Amazon Alexa.
WIRED Threat Level
AUGUST 29, 2018
The tech industry lobby has made it clear that they want changes to California's sweeping privacy protections—and they've got plenty of time left to get them made.
Dark Reading
AUGUST 28, 2018
In 2018, mobile communication platforms such as WhatsApp, Skype and SMS have far less protection against app-based phishing than email.
Security Affairs
AUGUST 29, 2018
A hacker is offering for sale the personal details of over 130 million hotel chain guests on a Chinese Dark Web forum. The news was reported by Bleeping computers, a hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin on a Chinese Dark Web forum. “The breach was reported today by Chinese media after several cyber-security firms spotted the forum ad [ 1 , 2 , 3 , 4 ]. ” states Bleeping Computer.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
219 
Let's personalize your content