Sat. Mar 10, 2018 - Fri. Mar 16, 2018


The 600+ Companies PayPal Shares Your Data With

Schneier on Security

One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data. Is 600 companies unusual? Is it more than average?


YouTube Will Link Directly to Wikipedia to Fight Conspiracy Theories

WIRED Threat Level

After a series of scandals related to misinformation, YouTube CEO Susan Wojcicki announced the company would begin directing users to sources like Wikipedia.


Taking down Gooligan: part 1 — overview

Elie

This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth tokens in an attempt to perform fraudulent Play store installs and reviews.


Is All Encryption Equal?

Thales Cloud Protection & Licensing

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. In Linux, for instance, it takes four OpenSSL commands to generate an encryption key and encrypt data. However, simply encrypting data is not a sufficient control when storing data in the cloud.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Artificial Intelligence and the Attack/Defense Balance

Schneier on Security

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two sets: what humans do well and what computers do well.


How Creative DDOS Attacks Still Slip Past Defenses

WIRED Threat Level

While some major distributed-denial-of-service attacks have been thwarted this month, the threat remains as critical as ever.


More Trending


E-Mailing Private HTTPS Keys

Schneier on Security

I don't know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec's certificate issuance business after Symantec was caught flouting binding industry rules, prompting Google to distrust Symantec certificates in its Chro


Youtube, Facebook, and Google Can't Expect Wikipedia to Cure the Internet

WIRED Threat Level

YouTube and other tech giants have repeatedly turned to Wikipedia to help solve some of their biggest problems—often without giving back.


Cybercriminals Launder Up to $200B in Profit Per Year

Dark Reading

Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Microsoft Patches Massive Remote Access Vulnerability

eSecurity Planet

The flaw affects all versions of Windows.


Two New Papers on the Encryption Debate

Schneier on Security

Seems like everyone is writing about encryption and backdoors this season. "Policy Approaches to the Encryption Debate," R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. "Encryption Policy in Democratic Regimes," East West Institute. I recently blogged about the new National Academies report on the same topic.


A Florida Bill Would Make Criminal Justice Data More Transparent Than Ever

WIRED Threat Level

A newly passed bill in the Florida Legislature would bring unprecedented levels of transparency to the criminal justice system.


77% of Businesses Lack Proper Incident Response Plans

Dark Reading

New research shows security leaders have false confidence in their ability to respond to security incidents.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers

Threatpost

A Walmart jewelry partner's misconfigured AWS S3 bucket left personal details and contact information of 1.3 million customers in plain sight.


Interesting Article on Marcus Hutchins

Schneier on Security

This is a good article on the complicated story of hacker Marcus Hutchins.


New Sanctions Against Russia Finally Take the Country's Online Chaos Seriously

WIRED Threat Level

From election meddling to NotPetya to grid hacking, Russia's digital provocations are no longer being ignored.


What CISOs Should Know About Quantum Computing

Dark Reading

As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


How to Secure ‘Permissioned’ Blockchains

Thales Cloud Protection & Licensing

Permissioned blockchains are growing in popularity as businesses attempt to cash in on the blockchain trend while keeping a firm hand on the tiller. Contrary to their non-permissioned cousins (such as bitcoin or Ethereum), permissioned blockchains are controlled by an authority that grants permission to every node that participates. In this blog (originally published on Dark Reading), Duncan Jones, Head of Skunkworks at Thales eSecurity, discusses the characteristics of a permissioned b


Greyshift Sells Phone Unlocking Services

Schneier on Security

Here's another company that claims to unlock phones for a price.


Voice Chat App Zello Turned a Blind Eye to Jihadis for Years

WIRED Threat Level

Despite warnings and flagged accounts, Zello left accounts with ISIS flag avatars and jihadist descriptions live on its service.


Chinese APT Backdoor Found in CCleaner Supply Chain Attack

Dark Reading

Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


GandCrab Ransomware Crooks Take Agile Development Approach

Threatpost

Despite setbacks, hackers behind GandCrab malware are pushing ahead with a lucrative new ransomware strain thanks to a quick-and-dirty agile development approach.


How to Protect Your Google Workspace Account

Spinone

Google provides a feature for Google Workspace (formerly G Suite) users called ‘Two-Step Verification,’ which is designed to improve the security of not only your Google Workspace account, but your entire online presence. If your Google account is ever hacked, a domino effect may ensue. You are particularly vulnerable if you reuse the same password […]


Researchers Point to an AMD Backdoor—And Face Their Own Backlash

WIRED Threat Level

As an Israeli security firm outlines real flaws in AMD's chips, the security community questions its motivations.


New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis

Dark Reading

Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Iran-Linked Group ‘TEMP.Zagros’ Updates Tactics, Techniques In Latest Campaign

Threatpost

An Iran-linked group is linked to a massive spear phishing campaign that sends malicious Word Docs to victims in Asia and the Middle East.


Taking down Gooligan: part 1 — overview

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.


Measure Security Performance, Not Policy Compliance

The Falcon's View

I started my security (post-sysadmin) career heavily focused on security policy frameworks. It took me down many roads, but everything always came back to a few simple notions, such as that policies were a means of articulating security direction, that you had to prescriptively articulate desired behaviors, and that the more detail you could put into the guidance (such as in standards, baselines, and guidelines), the better off the organization would be.


A Secure Enterprise Starts with a Cyber-Aware Staff

Dark Reading

An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!