Schneier on Security

MARCH 5, 2018

This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret information. My guess is that there is a lot more research to be done here.

190

190

Troy Hunt

MARCH 9, 2018

I'm in Seattle! This has been a mega week at the Microsoft MVP and Regional Director summits and as I say in the video, I'm actually a little run down now that it's all done. But I've had a wonderful week of meeting a heap of people and seeing some very cool stuff from Microsoft, especially around Azure which remains one of my favourite tech things.

Passwords 137

Passwords Technology Hacking 137

WIRED Threat Level

MARCH 8, 2018

Dutch police detail for the first time how they secretly hijacked Hansa, Europe's most popular dark web market.

Marketing 111

Marketing 111

Thales Cloud Protection & Licensing

MARCH 6, 2018

Every year, new regulations and compliance orders come into play that impact businesses across the world. This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. GDPR enables consumers to view, limit and control how companies collect and process their personal data.

Data privacy 88

Data privacy Encryption Healthcare Insurance 88

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

MARCH 6, 2018

Interesting research: " Finding The Greedy, Prodigal, and Suicidal Contracts at Scale ": Abstract: Smart contracts -- stateful executable objects hosted on blockchains like Ethereum -- carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities , which result from analyzing multiple invocations of a contract over its lifetime.

181

181

eSecurity Planet

MARCH 5, 2018

We compare ArcSight and Splunk, two top SIEM solutions rated highly by users and analysts.

76

76

Thales Cloud Protection & Licensing

MARCH 5, 2018

Healthcare’s IT evolution has brought numerous security challenges including regulations, the use of digitally transformative technologies that have created huge amounts of data to store and protect, and the extraordinary value of electronic personal health information (ePHI) to cybercriminals. In this blog post, I’ll discuss how healthcare enterprises can not only meet these challenges, but go beyond compliance to best practice to secure their data and their reputations.

Healthcare 87

Healthcare Digital transformation Encryption Unstructured Data 87

Schneier on Security

MARCH 5, 2018

Princeton's Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password. This advice is such standard protocol for personal security that it's almost a no-brainer.

Passwords 171

Passwords Accountability Authentication Personal Security 171

Dark Reading

MARCH 5, 2018

Experts share the security-focused issues all businesses should explore when researching and using cloud services.

70

70

WIRED Threat Level

MARCH 7, 2018

A leaked NSA tool offers a glimpse into what the NSA knows about the hacking operations of adversaries—some of which may still be secretly ongoing.

Hacking 110

Hacking 110

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

eSecurity Planet

MARCH 7, 2018

We review the KACE Systems Management Appliance, a patch and endpoint management solution that can patch 20,000 machines in four hours.

67

67

Schneier on Security

MARCH 7, 2018

This is worrisome: DDoS vandals have long intensified their attacks by sending a small number of specially designed data packets to publicly available services. The services then unwittingly respond by sending a much larger number of unwanted packets to a target. The best known vectors for these DDoS amplification attacks are poorly secured domain name system resolution servers , which magnify volumes by as much as 50 fold, and network time protocol , which increases volumes by about 58 times.

DDOS 164

DDOS DNS 164

Threatpost

MARCH 6, 2018

Malware found on POS systems at Applebee's restaurants potentially stole customer credit card information.

Malware 64

Malware Retail 64

WIRED Threat Level

MARCH 9, 2018

Reddit has deleted hundreds of Russian troll accounts, but the links they shared remain, forming a digital trail of the Internet Research Agency's actions on the platform.

Internet 105

Internet Internet Accountability 105

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Elie

MARCH 9, 2018

This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time. Beside its scale what makes Gooligan a worthwhile case-study is its heavy reliance on stolen oauth tokens to attack Google Play’s API, an approach previously unheard of in malware. This talk starts by providing an in-depth analysis of how Gooligan’s kill-chain works from infection and exploitation to system-wide compromise.

Malware 59

Malware 59

Schneier on Security

MARCH 8, 2018

Interesting history of the US Army Security Agency in the early years of Cold War Germany.

149

149

Dark Reading

MARCH 5, 2018

Two separate reports suggest insiders - of the malicious and careless variety - pose more of a problem in healthcare than any other sector.

Healthcare 59

Healthcare Cybersecurity 59

WIRED Threat Level

MARCH 8, 2018

Ghostery, Edward Snowden’s preferred ad-blocker, details how a privacy tool can actually make money without being gross.

105

105

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Threatpost

MARCH 5, 2018

Report outlines lucrative rise of nefarious cyrptoming groups and their complex new business models.

Hacking 52

Hacking 52

Schneier on Security

MARCH 9, 2018

Responding to the lack of diversity at the RSA Conference, a group of security experts have announced a competing one-day conference: OUR Security Advocates, or OURSA. It's in San Francisco, and it's during RSA, so you can attend both.

142

142

Dark Reading

MARCH 9, 2018

Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.

52

52

WIRED Threat Level

MARCH 9, 2018

A sophisticated hacking campaign used routers as a stepping stone to plant spyware deep in target machines across the Middle East and Africa.

Hacking 102

Hacking Spyware 102

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Privacy and Cybersecurity Law

MARCH 6, 2018

Last month, the United States (US) Internal Revenue Service (IRS) issued a warning to US taxpayers that cyber criminals are increasing their […].

Scams 52

Scams Consumer Protection Data breaches Government 52

Kali Linux

MARCH 4, 2018

No, really…this isn’t clickbait. For the past few weeks, we’ve been working with the Microsoft WSL team to get Kali Linux introduced into the Microsoft App Store as an official WSL distribution and today we’re happy to announce the availability of the “Kali Linux” Windows application. For Windows 10 users, this means you can simply enable WSL, search for Kali in the Windows store, and install it with a single click.

Penetration Testing 52

Penetration Testing Malware Software 52

Dark Reading

MARCH 9, 2018

Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.

Malware 52

Malware Software 52

WIRED Threat Level

MARCH 5, 2018

Pennsylvania’s attorney general filed a lawsuit against the ride-hailing giant Monday for failing to disclose a massive hack for over a year—and may not be the last.

Data breaches 101

Data breaches Hacking 101

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Thales Cloud Protection & Licensing

MARCH 8, 2018

In many organizations, the proliferation of encryption deployments has been directly proportional to the rise in disparate key repositories—and associated key management headaches. The Key Management Interoperability Protocol (KMIP) represents a cure to this common malady. Read on to learn more about the standard and why its usage is starting to see explosive growth.

Encryption 48

Encryption Technology Business Services Mobile 48

Threatpost

MARCH 9, 2018

A vulnerability recently found in several robots on the market can enable hackers to cause them to stop working, curse at customers, or even perform violent movements as part of ransomware attacks.

Ransomware 47

Ransomware Marketing Hacking 47

Dark Reading

MARCH 6, 2018

How companies are changing the approach to identity management as people become increasingly digital.

52

52

WIRED Threat Level

MARCH 3, 2018

A higher Equifax tally, Apple vulnerabilities, and more of the week's top security news.

92

92

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!