Schneier on Security

FEBRUARY 12, 2018

There are a lot : The cybersecurity company McAfee recently uncovered a cyber operation, dubbed Operation GoldDragon, attacking South Korean organizations related to the Winter Olympics. McAfee believes the attack came from a nation state that speaks Korean, although it has no definitive proof that this is a North Korean operation. The victim organizations include ice hockey teams, ski suppliers, ski resorts, tourist organizations in Pyeongchang, and departments organizing the Pyeongchang Olympi

Internet 231

Internet Internet Cyber Attacks DDOS 231

Troy Hunt

FEBRUARY 16, 2018

I had plans this week. Monday was going to be full of coding work around Pwned Passwords V2 (and a few other HIBP things) then Texthelp went and got themselves pwned and there went my day writing about the ramifications of that. This is a genuinely important issue and the whole concept of the JavaScript supply chain needs much better thought. We've got the technology, it's just that most people don't know it exists!

Data breaches 111

Data breaches Marketing Passwords Internet 111

WIRED Threat Level

FEBRUARY 16, 2018

In the wake of the Mueller indictment of a Russian troll farm, any attempt to claim that the 2016 election wasn’t affected by Russian meddling is laughable.

112

112

Thales Cloud Protection & Licensing

FEBRUARY 15, 2018

Another day, another breach. It’s sarcastic, it’s comical, but it’s also real. Barely a day goes by where we don’t hear of a data breach. Affecting big companies and small in virtually every vertical and hitting government institutions at the local, state and federal level, sensitive data is routinely exfiltrated, stolen and leveraged with shocking regularity.

Identity Theft 89

Identity Theft IoT Technology Encryption 89

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

FEBRUARY 14, 2018

Everything online is hackable. This is true for Equifax's data and the federal Office of Personal Management's data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable. But just because everything is hackable doesn't mean everything will be hacked. The difference between the two is complex, and filled with defensive technologies, security best practices, consumer awareness, the motivation and skill of the hacker and the desirability of the data.

Internet 134

Internet Internet Government Hacking 134

Dark Reading

FEBRUARY 14, 2018

In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.

Cybersecurity 79

Cybersecurity 79

Thales Cloud Protection & Licensing

FEBRUARY 13, 2018

As data breaches continue to plague organisations worldwide, South Africa is taking extra measures to protect its citizens by rolling out new legislation. The country’s Protection of Personal Information (POPI) Act imposes requirements on holders of personal data to guard against unauthorised access and, in the event of a breach, mandates that the organisation notify the Regulator and the impacted data subjects.

Encryption 66

Encryption Government Risk Technology 66

Schneier on Security

FEBRUARY 13, 2018

Nice profile of Mordechai Guri, who researches a variety of clever ways to steal data over air-gapped computers. Guri and his fellow Ben-Gurion researchers have shown, for instance, that it's possible to trick a fully offline computer into leaking data to another nearby device via the noise its internal fan generates , by changing air temperatures in patterns that the receiving computer can detect with thermal sensors , or even by blinking out a stream of information from a computer hard dr

Cybersecurity 133

Cybersecurity 133

Threatpost

FEBRUARY 16, 2018

Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters. .

Mobile 63

Mobile Hacking 63

WIRED Threat Level

FEBRUARY 15, 2018

The "Protect" menu item in Facebook's mobile apps refers users to the company's Onavo Protect VPN, but the tool falls short of basic privacy standards.

VPN 111

VPN Mobile 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

FEBRUARY 12, 2018

Paying security researchers to find vulnerabilities can be a winning formula. Find out more in the first part of this eSecurity Planet series.

59

59

Schneier on Security

FEBRUARY 16, 2018

The National Academies has just published " Decrypting the Encryption Debate: A Framework for Decision Makers." It looks really good, although I have not read it yet. Not much news or analysis yet. Please post any links you find in the comments, and I will summarize them here.

Encryption 114

Encryption 114

Dark Reading

FEBRUARY 14, 2018

Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.

Malware 68

Malware Technology Cybersecurity 68

WIRED Threat Level

FEBRUARY 16, 2018

A new Justice Department indictment alleges Russia's disinformation operations created bank and social media accounts using the stolen identities of real US citizens.

Banking 105

Banking Media Accountability 105

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

eSecurity Planet

FEBRUARY 15, 2018

A look at top vendors in the market for web security gateway solutions, a critical tool for defending against web threats.

Marketing 60

Marketing 60

Schneier on Security

FEBRUARY 15, 2018

Good Washington Post op-ed on the need to use voter-verifiable paper ballots to secure elections, as well as risk-limiting audits.

Risk 125

Risk 125

Dark Reading

FEBRUARY 16, 2018

These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.

61

61

WIRED Threat Level

FEBRUARY 15, 2018

In the wake of Wednesday's Parkland, Florida school shooting Russian bots have taken to Twitter to stoke the gun control debate.

112

112

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Threatpost

FEBRUARY 15, 2018

Malicious e-mail attachments used in this campaign don’t display any warnings when opened and silently install malware.

Malware 52

Malware Passwords Hacking 52

Spinone

FEBRUARY 14, 2018

The cloud computing boom has brought many benefits to businesses regarding increased productivity and easier accessibility to corporate online systems. Unfortunately, it has also introduced some new security concerns and an increase in the number of data breaches that occur each year. The main reason for this is that cloud services make it much easier to access and share data from outside the organization.

Cloud Migration 40

Cloud Migration Data breaches Risk Mobile 40

Dark Reading

FEBRUARY 13, 2018

Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.

Mobile 48

Mobile 48

WIRED Threat Level

FEBRUARY 12, 2018

Researchers at Cisco Talos detail a new piece of disruptive, highly infectious malware with a clear target: the Pyeongchang Olympics IT infrastructure.

Malware 94

Malware 94

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Threatpost

FEBRUARY 14, 2018

Researchers now believe attackers may have had prior access to networks and that malware was more sophisticated than originally believed.

Malware 47

Malware Government Hacking 47

eSecurity Planet

FEBRUARY 15, 2018

A look at top vendors in the market for web security gateway solutions, a critical tool for defending against web threats.

Marketing 48

Marketing 48

Dark Reading

FEBRUARY 12, 2018

By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.

Ransomware 47

Ransomware 47

WIRED Threat Level

FEBRUARY 15, 2018

From SMS notifications to an egregious number of emails, the social media company's desperation has gone too far.

Media 101

Media 101

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Threatpost

FEBRUARY 12, 2018

The attack could have been averted through a technique called subresource integrity, according to researcher Scott Helme.

Cryptocurrency 46

Cryptocurrency Government Hacking 46

Schneier on Security

FEBRUARY 16, 2018

There's a squid pin on Kickstarter. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

107

107

Dark Reading

FEBRUARY 13, 2018

A new Lazarus Group cyberattack campaign combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets.

Banking 50

Banking Cryptocurrency Phishing 50

WIRED Threat Level

FEBRUARY 12, 2018

By bringing the Snap Map out of the app and onto the web, Snap hopes to bring Snapchat to the masses like never before.

88

88

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk