Sat.Mar 03, 2018 - Fri.Mar 09, 2018


Extracting Secrets from Machine Learning Systems

Schneier on Security

This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret information. My guess is that there is a lot more research to be done here.


Weekly Update 77 (Seattle Edition)

Troy Hunt

I'm in Seattle! This has been a mega week at the Microsoft MVP and Regional Director summits and as I say in the video, I'm actually a little run down now that it's all done. But I've had a wonderful week of meeting a heap of people and seeing some very cool stuff from Microsoft, especially around Azure which remains one of my favourite tech things.


2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

Every year, new regulations and compliance orders come into play that impact businesses across the world. This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. GDPR enables consumers to view, limit and control how companies collect and process their personal data.


Reddit Still Hosts Links to Russian Propaganda Sites

WIRED Threat Level

Reddit has deleted hundreds of Russian troll accounts, but the links they shared remain, forming a digital trail of the Internet Research Agency's actions on the platform.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Security Vulnerabilities in Smart Contracts

Schneier on Security

Interesting research: "Finding The Greedy, Prodigal, and Suicidal Contracts at Scale": Abstract: Smart contracts -- stateful executable objects hosted on blockchains like Ethereum -- carry billions of dollars worth of coins and cannot be updated once deployed. We present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime.


Hunting down Gooligan — retrospective analysis

Elie

This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time. Besides its scale, what makes Gooligan a worthwhile case study is its heavy reliance on stolen OAuth tokens to attack Google Play’s API, an approach previously unheard of in malware. This talk starts by providing an in-depth analysis of how Gooligan’s kill chain works, from infection and exploitation to system-wide compromise.


How Dutch Police Took Over Hansa, a Top Dark Web Market

WIRED Threat Level

Dutch police detail for the first time how they secretly hijacked Hansa, Europe's most popular dark web market.


Intimate Partner Threat

Schneier on Security

Princeton's Karen Levy has a good article on computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password. This advice is such standard protocol for personal security that it's almost a no-brainer.


6 Questions to Ask Your Cloud Provider Right Now

Dark Reading

Experts share the security-focused issues all businesses should explore when researching and using cloud services.


IRS Warns About New Cyber Scam Targeting Taxpayers

Privacy and Cybersecurity Law

Last month, the United States (US) Internal Revenue Service (IRS) issued a warning to US taxpayers that cyber criminals are increasing their […].


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Leaked NSA Tool 'Territorial Dispute' Reveals the Agency's List of Enemy Hackers

WIRED Threat Level

A leaked NSA tool offers a glimpse into what the NSA knows about the hacking operations of adversaries—some of which may still be secretly ongoing.


New DDoS Reflection-Attack Variant

Schneier on Security

This is worrisome: DDoS vandals have long intensified their attacks by sending a small number of specially designed data packets to publicly available services. The services then unwittingly respond by sending a much larger number of unwanted packets to a target. The best known vectors for these DDoS amplification attacks are poorly secured domain name system resolution servers, which magnify volumes by as much as 50 fold, and network time protocol, which increases volumes by about 58 times.


Insider Threat Seriously Undermining Healthcare Cybersecurity

Dark Reading

Two separate reports suggest insiders - of the malicious and careless variety - pose more of a problem in healthcare than any other sector.


POS Malware Found at 160 Applebee’s Restaurant Locations

Threatpost

Malware found on POS systems at Applebee's restaurants potentially stole customer credit card information.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Pennsylvania Sues Uber Over Data Breach Disclosure

WIRED Threat Level

Pennsylvania’s attorney general filed a lawsuit against the ride-hailing giant Monday for failing to disclose a massive hack for over a year—and may not be the last.


OURSA Conference

Schneier on Security

Responding to the lack of diversity at the RSA Conference, a group of security experts have announced a competing one-day conference: OUR Security Advocates, or OURSA. It's in San Francisco, and it's during RSA, so you can attend both.


Privilege Abuse Attacks: 4 Common Scenarios

Dark Reading

It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain: privilege abuse patterns are pretty much the same, and they're easy to avoid.


Vulnerability in Robots Can Lead To Costly Ransomware Attacks

Threatpost

A vulnerability recently found in several robots on the market can enable hackers to cause them to stop working, curse at customers, or even perform violent movements as part of ransomware attacks.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Router-Hacking "Slingshot" Spy Operation Compromised More Than 100 Targets

WIRED Threat Level

A sophisticated hacking campaign used routers as a stepping stone to plant spyware deep in target machines across the Middle East and Africa.


History of the US Army Security Agency

Schneier on Security

Interesting history of the US Army Security Agency in the early years of Cold War Germany.


How Guccifer 2.0 Got 'Punk'd' by a Security Researcher

Dark Reading

Security expert and former Illinois state senate candidate John Bambenek details his two months of online interaction with the 'unsupervised cutout' who shared with him more stolen DCCC documents.


Security Camera Found Riddled With Bugs

Threatpost

Hanwha is patching 13 vulnerabilities in its SmartCam security camera that allow attackers to take control of the device, use it to gain further network access, or just brick it.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


How Leaked NSA Spy Tool 'EternalBlue' Became a Hacker Favorite

WIRED Threat Level

EternalBlue leaked to the public nearly a year ago. It's wreaked havoc ever since.


KACE Systems Management Appliance: Patch Management Overview and Analysis

eSecurity Planet

We review the KACE Systems Management Appliance, a patch and endpoint management solution that can patch 20,000 machines in four hours.


Design Weakness in Microsoft CFG Allows Complete Bypass

Dark Reading

Researchers from Italy's University of Padua will demo a new technique to evade Control Flow Guard, the widely deployed security mechanism, at Black Hat Asia.


Sofacy APT Adopts New Tactics and Far East Targets

Threatpost

A new analysis of the Russian-speaking Sofacy APT gang shows a continual march toward Far East targets and overlapping of activities with other groups such as Lamberts, Turla and Danti.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Ad-Blocker Ghostery Just Went Open Source—And Has a New Business Model

WIRED Threat Level

Ghostery, Edward Snowden’s preferred ad-blocker, details how a privacy tool can actually make money without being gross.


Cisco Firepower NGIPS: IDPS Product Overview and Analysis

eSecurity Planet

We review Cisco's Next-Generation Intrusion Prevention System, which can defend everything from small branch offices up to large enterprises against security breaches.


Why Security-Driven Companies Are More Successful

Dark Reading

Software Security Masters are better at handling application development security and show much higher growth than their peers. Here's how to become one.


Cryptomining Gold Rush: One Gang Rakes In $7M Over 6 Months

Threatpost

Report outlines the lucrative rise of nefarious cryptomining groups and their complex new business models.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.