Sat.Oct 30, 2021 - Fri.Nov 05, 2021

‘Trojan Source’ Bug Threatens the Security of All Code

Krebs on Security

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns.

Hiding Vulnerabilities in Source Code

Schneier on Security

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about.
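Both Trojan Source items above describe the same mechanism: a compiler consumes code points in logical order, while a Bidi-aware editor or diff viewer renders them in visual order, so a comment or string literal can be made to look like live code, and a homoglyph identifier can look like an existing name. The scanner below is an added example, not the paper's tooling or either blog's code; it flags Bidi control characters and mixed-script identifiers in source text. The two samples are constructed for illustration, modelled on the paper's "commenting-out" and homoglyph attack classes.

```python
"""Scanner for the two 'Trojan Source' attack classes.

1. Bidi (bidirectional) control characters: the compiler reads code points in
   logical order, but a Bidi-aware viewer displays them reordered, so comment
   or string content can be made to *look* like code (or vice versa).
2. Homoglyph identifiers: a name mixing scripts (e.g. Latin 'a' and Cyrillic
   'а', U+0430) renders like a known identifier but is a different symbol.

Added illustration; not the paper's tooling.
"""
import re
import unicodedata
from dataclasses import dataclass
from typing import List, Optional

# Bidi controls: embeddings/overrides U+202A..U+202E, isolates U+2066..U+2069,
# and the implicit marks LRM/RLM/ALM. All render as zero-width.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}

# Identifier: a letter or underscore followed by word characters (Unicode-aware).
IDENT_RE = re.compile(r"[^\W\d]\w*")


@dataclass(frozen=True)
class Finding:
    kind: str    # "bidi" or "mixed-script"
    line: int    # 1-based line number
    col: int     # 1-based column, counted in code points
    detail: str


def _script(ch: str) -> Optional[str]:
    """First word of a letter's Unicode name, e.g. 'LATIN' or 'CYRILLIC'."""
    if not ch.isalpha():
        return None
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:          # unnamed code point
        return "UNKNOWN"


def scan(source: str) -> List[Finding]:
    """Return every Bidi control and every mixed-script identifier in `source`."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append(Finding(
                    "bidi", lineno, col, f"U+{ord(ch):04X} ({BIDI_CONTROLS[ch]})"))
        for m in IDENT_RE.finditer(line):
            scripts = {s for s in map(_script, m.group()) if s}
            if len(scripts) > 1:
                findings.append(Finding(
                    "mixed-script", lineno, m.start() + 1,
                    f"{m.group()!r} mixes {sorted(scripts)}"))
    return findings


def scan_file(path: str) -> List[Finding]:
    """Scan a file; decode as UTF-8 so the controls are seen as code points."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan(fh.read())


# Constructed sample modelled on the paper's "commenting-out" attack. Logically,
# line 3 is one complete comment, so printf() runs unconditionally; a Bidi-aware
# viewer is intended to render lines 3 and 5 roughly as
#     /* begin admins only */ if (isAdmin) {
#     /* end admins only */ }
# which looks like a guarded block.
TROJAN_C = (
    "int main() {\n"
    "    bool isAdmin = false;\n"
    "    /*\u202e } \u2066if (isAdmin)\u2069 \u2066 begin admins only */\n"
    "        printf(\"You are an admin.\\n\");\n"
    "    /* end admins only \u202e { \u2066*/\n"
    "    return 0;\n"
    "}\n"
)

# Constructed homoglyph sample: the 'A' in isAdmin is CYRILLIC CAPITAL LETTER A.
HOMOGLYPH_C = "if (is\u0410dmin) { grant(); }\n"

if __name__ == "__main__":
    for name, text in (("TROJAN_C", TROJAN_C), ("HOMOGLYPH_C", HOMOGLYPH_C)):
        for f in scan(text):
            print(f"{name}:{f.line}:{f.col}: {f.kind}: {f.detail}")
```

Run it as a pre-commit or CI step over every text file in the repository, not only over code the compiler sees: the controls are just as invisible in build scripts, configuration and lock files. Several toolchains added their own warnings for these code points after the disclosure; a repository-wide scan covers the languages whose toolchain has not.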

MY TAKE: lastwatchdog.com receives recognition as a Top 10 cybersecurity webzine in 2021

The Last Watchdog

Last Watchdog’s mission is to foster useful understanding about emerging cybersecurity and privacy exposures. Related article: The road to a Pulitzer. While I no longer concern myself with seeking professional recognition for doing this, it’s, of course, always terrific to receive peer validation that we’re steering a good course. That’s why I’m thrilled to point out that Last Watchdog has been recognized, once again, as a trusted source of information on cybersecurity and privacy topics.

Cybersecurity startup ideas

Javvad Malik

I’ve seen VCs fund many security and tech startups. Lots of the ideas are rubbish, so I’ve come up with my own ideas that aren’t rubbish so VCs can fund me instead. Don’t steal any of my ideas or I will sue you! Take a human skull and 3D print an eyeball on it, add Linux to the inside where the brain would be. Website uses photo of person looking out from screen with windows environment running, call this cyberSURVIVOR.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance.

‘Tis the Season for the Wayward Package Phish

Krebs on Security

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery.

On Cell Phone Metadata

Schneier on Security

Interesting Twitter thread on how cell phone metadata can be used to identify and track people who don’t want to be identified and tracked.

Where Next for Cybersecurity in the Federal Government?

Lohrman on Security

What’s hot right now in the federal government cybersecurity space? What can we expect from the Biden White House as we move into 2022 and face new threats?

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

A number of publications in September warned about the emergence of “Groove,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online.

US Blacklists NSO Group

Schneier on Security

The Israeli cyberweapons arms manufacturer — and human rights violator, and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them.

GUEST ESSAY: How stricter data privacy laws have redefined the ‘filing’ of our personal data

The Last Watchdog

Filing systems, historically speaking, have been all about helping their users find information quickly. Related: GDPR and the new privacy paradigm. Europe’s General Data Protection Regulation (GDPR) changed the game. Generally, filing systems sort by date, department, topic, etc. Legacy filing systems were not built to keep track of the personal data of specific individuals, which is now required for compliance with the many data protection regulations popping up around the world.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

The Future of Cybersecurity Isn’t What We Expected

Javvad Malik

We were told that by now, we would live in a perfect world with flying cars. But that hasn’t arrived yet. We also believed that cybersecurity would be a problem that would have been solved, but it just seems to be getting worse. But what if the problem isn’t getting worse. What if we have solved cybersecurity and we do have flying cars – we’re just not looking at things in the right way.

To Secure DevOps, Security Teams Must be Agile

Dark Reading

The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.

Using Fake Student Accounts to Shill Brands

Schneier on Security

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account.

MY TAKE: For better or worse, machine-to-machine code connections now form much of the castle wall

The Last Watchdog

Managing permissions is proving to be a huge security blind spot for many companies. Related: President Biden’s cybersecurity order sets the stage. What’s happening is that businesses are scaling up their adoption of multi-cloud and hybrid-cloud infrastructures. And in doing so, they’re embracing agile software deployments, which requires authentication and access privileges to be dispensed, on the fly, for each human-to-machine and machine-to-machine coding connection.

Making the best of a bad situation

Javvad Malik

It must have been around 2005. I was fed up with my job. I was at that stage of life where I had the perfect balance of youthful arrogance, a disdain for authority, and just enough knowledge to give me the illusion that I could do my boss’s, his boss’s, and his boss’s boss’s job better than they could combined. So, I did what anyone would do – updated my CV and sent it out to recruiters.

A Drone Tried to Disrupt the Power Grid. It Won't Be the Last

WIRED Threat Level

An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it.

NSO Group Among Those Added to Commerce’s EAR Entity List

Security Boulevard

This week, the Department of Commerce (DoC) amended its Export Administration Regulations (EAR) with the addition of four companies to the Entity List, effective November 4, 2021.

How Is Zero Trust Different From Traditional Security?

Dark Reading

Unlike traditional security approaches, the zero-trust security model verifies a user's identity each and every time they need specific system access.

Roll your own VPN and other tech advice

Javvad Malik

Like many people, over the last couple of years, my main real interaction with people outside of my immediate family and Amazon delivery drivers has been via the internet. The beauty of the internet is that you don’t need to shower, put on decent clothes, or worry about offending anyone. If anything, offending someone is an online ritual that everyone partakes in at some point or another. There are many highly skilled security professionals online.

1.8TB of Police Helicopter Surveillance Footage Leaks Online

WIRED Threat Level

DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.

Cisco warns of hard-coded credentials and default SSH key issues in some products

Security Affairs

Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys.
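A "default SSH key" is, by construction, the same key on every installation of the affected product, so anyone who extracts it from one image can impersonate or man-in-the-middle every other device still using it. The fleet check below is an added example, not Cisco's advisory or tooling: it takes ssh-keyscan style lines (`host keytype base64`), computes the OpenSSH-style SHA256 fingerprint of each key blob, and reports any fingerprint presented by more than one host. The inventory and the key blobs are constructed placeholders, not real keys.

```python
"""Fleet check for shared SSH host keys.

Reads ssh-keyscan style lines, fingerprints each key blob the way OpenSSH does
(SHA256 over the raw blob, base64 without padding), and reports fingerprints
that appear on more than one host. Added example; the blobs are constructed.
"""
import base64
import hashlib
from collections import defaultdict
from typing import Dict, List, Set


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(lines: List[str]) -> Dict[str, Set[str]]:
    """Map fingerprint -> set of hosts, from 'host keytype base64' lines."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for raw in lines:
        line = raw.strip()
        # ssh-keyscan also emits '# host:port SSH-2.0-...' banner comments; skip them.
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line
        host, _keytype, blob = parts[0], parts[1], parts[2]
        seen[fingerprint(blob)].add(host)
    return seen


def find_shared_keys(lines: List[str]) -> Dict[str, Set[str]]:
    """Fingerprints presented by more than one host; an empty dict means no sharing."""
    return {fp: hosts for fp, hosts in parse_keyscan(lines).items() if len(hosts) > 1}


def _blob(tag: bytes) -> str:
    # Constructed placeholder blob; a real ssh-rsa blob is the wire-encoded public key.
    return base64.b64encode(b"constructed-host-key-" + tag).decode()


# Constructed inventory: three switches, two of which still present the factory key.
KEYSCAN_LINES = [
    "# sw1:22 SSH-2.0-constructed",
    f"sw1 ssh-rsa {_blob(b'factory')}",
    f"sw2 ssh-rsa {_blob(b'factory')}",
    f"sw3 ssh-rsa {_blob(b'regenerated')}",
]

if __name__ == "__main__":
    for fp, hosts in find_shared_keys(KEYSCAN_LINES).items():
        print(f"{fp} shared by {sorted(hosts)}")
```

Feed it the output of `ssh-keyscan` run against the management network; any fingerprint shared across devices (or matching one found in a firmware image) is a key to regenerate, not just a patch to apply.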

Having Trouble Finding Cybersecurity Talent? You Might Be the Problem

Dark Reading

Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.

11 cybersecurity buzzwords you should stop using right now

CSO Magazine

Cybersecurity buzzwords and buzz phrases are a dime a dozen. Used to simplify complex terminology or boost sales and marketing campaigns, buzzwords are an inescapable reality for an innovative and fast-paced industry like information security.

Ransomware news trending on Google

CyberSecurity Insiders

Big news: the Biden administration is offering a $10m reward for anyone providing valid information on the DarkSide ransomware group, which shut down Colonial Pipeline’s fuel supply until a ransom was paid.

Staying Current in an Ever-Changing Regulatory Landscape

Security Boulevard

It’s not just that there is a lot of data generated today; it’s how quickly that data is generated. The hourly increase in data makes meeting regulatory compliance difficult enough, but adding to the challenge is the ever-changing regulatory landscape.

5 MITRE ATT&CK Tactics Most Frequently Detected by Cisco Secure Firewalls

Dark Reading

Cisco Security examines the most frequently encountered MITRE ATT&CK tactics and techniques.

Stealthy Trojan that roots Android devices makes its way on app stores

CSO Magazine

The Google Play store has become better in recent years at policing malware, raising the bar for attackers, but well-crafted stealthy Trojans continue to slip in from time to time.

Reversing a binary using GDB: tutorial for Reverse Engineers

CyberSecurity Insiders

This blog was written by an independent guest blogger. Reversing binaries is an essential skill if you want to pursue a career as an exploit developer, reverse engineer or programmer. The GNU Project debugger (GDB) is a widely used debugger for C and C++ applications on UNIX systems.

A drone was modified to disrupt U.S. Power Grid, says intelligence bulletin

Security Affairs

US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year.

Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks

Dark Reading

A researcher will release an open source tool at Black Hat Europe next week that roots out server weaknesses to a sneaky type of attack.

6 security analyst certifications to advance your career

CSO Magazine

The security analyst is the backbone of a company’s day-to-day IT security.

Ransomware and the Uncertainties of Cyberinsurance

Security Boulevard

Ransomware attacks are ubiquitous, and the insurance markets are chaotic. That, at least, seems to be the state of cybersecurity and risk mitigation since the COVID-19 pandemic began.

Cyber Attack at the University of Colorado

CyberSecurity Insiders

A formal announcement made by the University of Colorado Boulder on October 25th this year clarified that hackers infiltrated its database and stole data on thousands of students and staff members.

How to Avoid Another Let's Encrypt-Like Meltdown

Dark Reading

Experts weigh in on steps network and security administrators need to take before the next time a root certificate expires

How to hack a phone: 7 common attack methods explained

CSO Magazine

The smartphone revolution was supposed to provide a second chance for the tech industry to roll out a secure computing platform. These new devices were purported to be locked down and immune to malware, unlike buggy PCs and vulnerable servers.