Sat.Feb 03, 2018 - Fri.Feb 09, 2018

Cabinet of Secret Documents from Australia

Schneier on Security

This story of leaked Australian government secrets is unlike any other I've heard: It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply. The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys. They were purchased for small change and sat unopened for some months until the locks were attacked with a drill.

Strong, streamlined and secure: How to get the most out of centralized key management

Thales Cloud Protection & Licensing

With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges. Whether it’s varying protection levels, differing operational techniques and policies, or juggling multiple keys, managing more than one encryption system can quickly turn into a complex web that demands time, expertise and money to manage effectively.

Weekly Update 73

Troy Hunt

I'm not entirely sure how I've gotten to the end of the week feeling completely wrung out whilst having only written the one thing, but here we are. In fairness though, I've put a heap of work into Pwned Passwords version 2 and finally completed the data set. There's some coding work and other logistics to complete before it goes live, but the plan for now is week after next so I'm looking forward to that.

Passwords 110

Air Gap Hacker Mordechai Guri Steals Data With Noise, Light, and Magnets

WIRED Threat Level

Researcher Mordechai Guri has spent the last four years exploring practically every method of stealthily siphoning data off of a disconnected computer.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Water Utility Infected by Cryptocurrency Mining Software

Schneier on Security

A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I've seen it infect SCADA systems, though. It seems that this mining software is benign, and doesn't affect the performance of the hacked computer.

Three Strategies for Big Data Security

Thales Cloud Protection & Licensing

The 2018 Thales Data Threat Report (DTR) has great information on Big Data use and security. We surveyed more than 1,200 senior security executives from around the world, and virtually all (99%) report they plan to use Big Data this year. Top Big Data Security Concerns. But they rightly have concerns. As the report notes: The top Big Data security issue is that sensitive data can be anywhere – and therefore everywhere – a concern expressed by 34% of global and U.S. respondents.

More Trending

Polisis AI Reads Privacy Policies So You Don't Have To

WIRED Threat Level

Polisis, a machine-learning-trained tool, automatically produces readable charts of where your data ends up for any online service.

Poor Security at the UK National Health Service

Schneier on Security

The Guardian is reporting that "every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required." This is the same NHS that was debilitated by WannaCry.

Digital Transformation starts with the Employees

Thales Cloud Protection & Licensing

This past month, CEOs, elected leaders and academics from around the globe gathered at the World Economic Forum (WEF) in Davos, Switzerland, to discuss the world’s most pressing problems including technological change, global trade, education, sustainability, and gender equality. As in previous years, digital transformation remained a key theme at the event as well as discussions around artificial intelligence (AI) and IoT technologies impacting the workforce.

Back to Basics: AI Isn't the Answer to What Ails Us in Cyber

Dark Reading

The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Scammers Are Stealing Bitcoin on Twitter With a Classic Scheme

WIRED Threat Level

A new twist on the classic Nigerian Prince scheme has jumped from gaming communities to Twitter. And now it's spreading.

Calling Squid "Calamari" Makes It More Appetizing

Schneier on Security

Research shows that what a food is called affects how we think about it. Research paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models

Threatpost

Lenovo issued a security bulletin Friday warning customers that two previously disclosed critical Broadcom vulnerabilities impact 25 models of its popular ThinkPad laptops.

AI's Future in Cybersecurity

eSecurity Planet

Industry experts from Coalfire, IEEE and more discuss how AI is shaping the future of IT security.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Feds Take Down Infraud, a $530M Cybercrime Forum That Lasted 7 Years

WIRED Threat Level

Infraud may not have been as famous as dark web markets like the Silk Road and Alphabay, but it far outlasted both.

Living in a Smart Home

Schneier on Security

In "The House that Spied on Me," Kashmir Hill outfits her home to be as "smart" as possible and writes about the results.

Spyware 133

8 Nation-State Hacking Groups to Watch in 2018

Dark Reading

The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.

Hacking 82

IANS 2018 New York Information Security Forum

NopSec

On Monday, March 19th, NopSec’s Co-founder & CTO, Michelangelo Sidagni will be speaking at this year’s IANS New York Information Security Forum. The Information Security Forum delivers an immersive curriculum with over 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the two-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise secur

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Time's Just About Up to Secure the 2018 Midterm Elections

WIRED Threat Level

The first primary for the 2018 midterm elections takes place March 6—and many states are still woefully underprepared.

Sensitive Super-Bowl Security Documents Left on an Airplane

Schneier on Security

A CNN reporter found.

Kali Linux 2018.1 Release

Kali Linux

Welcome to our first release of 2018, Kali Linux 2018.1. This fine release contains all updated packages and bug fixes since our 2017.3 release last November. This release wasn’t without its challenges–from the Meltdown and Spectre excitement (patches will be in the 4.15 kernel) to a couple of other nasty bugs, we had our work cut out for us but we prevailed in time to deliver this latest and greatest version for your installation pleasure.

AutoSploit: Mass Exploitation Just Got a Lot Easier

Dark Reading

But the response to the new hacking tool, now readily available to the masses of script kiddies, has been a mix of outrage, fear, some applause, and more than a few shrugs.

Hacking 57

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Autosploit, Strava Heat Maps, and More Top Security News This Week

WIRED Threat Level

The memo release, Olympics hacking, and more of the week's top security news.

Hacking 102

What is Cryptojacking and Why Is It a Cybersecurity Risk?

eSecurity Planet

Learn about this emerging attack method and how it's impacting organizations around the world in this eSecurityPlanet series.

Risk 64

Gojdue Variant Eludes Microsoft, Google Cloud Protection, Researchers Say

Threatpost

Researchers have identified a new ransomware strain that went undetected by built-in malware protection used by cloud heavyweights Microsoft and Google as recently as January.

North Korean APT Group Employed Rare Zero-Day Attack

Dark Reading

Recent Adobe Flash exploit discovered against South Korean targets likely purchased, not developed by the hacking group.

Hacking 62

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

10 of the Riskiest Mobile Apps You Probably Downloaded

Spinone

If your company has a BYOD policy, it can be extremely difficult to manage the apps that are installed and used on users’ own devices that are used for work. These apps can often help improve productivity and collaboration, but they can also introduce many new security risks. User installed apps have a couple of main drawbacks. One is that employees are likely to download popular apps that are used by millions of other users.

Mobile 40

IBM QRadar vs Splunk: Top SIEM Solutions Compared

eSecurity Planet

While both SIEM solutions are popular industry leaders, each has its strengths and weaknesses. We take a close look at both.

Covert Data Channel in TLS Dodges Network Perimeter Protection

Threatpost

Researchers have found a new covert data exchange technique that abuses the TLS protocol that can circumvent traditional network perimeter protections.

DNS 47

New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection

Dark Reading

Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.