Schneier on Security
JANUARY 23, 2018
This is a clever attack. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.
Thales Cloud Protection & Licensing
JANUARY 25, 2018
This morning we announced, in tandem with our partner 451 Research, the Global Edition of the 2018 Thales Data Threat Report. It’s abundantly clear that medium to larger enterprises (the focus of the report and underlying survey) are finding it harder than ever to protect their sensitive data. The twin drivers of the problem are increased threats and the drive to digitally transform how organizations deliver value and revenue.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
JANUARY 21, 2018
Opinion: Researchers from Yale Privacy Lab argue that the scourge of trackers in Android apps means users should stop using the Google Play store.
Dark Reading
JANUARY 23, 2018
Following these tips can improve your security visibility and standardize management across hybrid environments.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
JANUARY 26, 2018
On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched -- at least to the extent possible. This news isn't really any different from the usual endless stream of security vulnerabilities and patches, but it's also a harbinger of the sorts of security problems we're going t
Threatpost
JANUARY 21, 2018
Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Dark Reading
JANUARY 24, 2018
Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.
Schneier on Security
JANUARY 22, 2018
Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active.
Thales Cloud Protection & Licensing
JANUARY 24, 2018
November 2017 saw one of Australia’s biggest ever data breaches, in which sensitive personal information regarding almost 50,000 consumers and 5,000 public servants was exposed online. Around the same time, US fashion retailer Forever 21 admitted that hackers had collected customers’ credit card information from its stores’ point of sale terminals over much of 2017, and the information of nearly 1.2 billion Indian citizens was reported to have been made publicly available when the country’s nati
WIRED Threat Level
JANUARY 23, 2018
Thanks to Tinder's patchwork use of HTTPS, researchers found they could reconstruct someone's entire experience in the app.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
JANUARY 24, 2018
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
Schneier on Security
JANUARY 22, 2018
The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp. From the Lookout announcement: Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries and thousands of victims.
Lenny Zeltser
JANUARY 21, 2018
This cheat sheet offers advice for product managers of new IT solutions at startups and enterprises. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs. Responsibilities of a Product Manager. Determine what to build, not how to build it. Envision the future pertaining to product domain. Align product roadmap to business strategy.
WIRED Threat Level
JANUARY 25, 2018
As the so-called Doomsday Clock ticks even closer to midnight, a reminder of just how easy it is to slip into nuclear war.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
JANUARY 22, 2018
Hacktivists driven by political, religious, and other causes commonly exploit basic vulnerabilities to spread their messages, researchers say.
eSecurity Planet
JANUARY 26, 2018
A look at how security vendors that are employing artificial intelligence and machine learning to help IT security teams.
Threatpost
JANUARY 25, 2018
Dueling browsers, Mozilla Firefox and Google Chrome, have patched bugs and beefed up security.
WIRED Threat Level
JANUARY 26, 2018
Scouring the blockchain, researchers found years-old evidence tying Silk Road transaction to users' public accounts.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
JANUARY 22, 2018
New Kroll Annual Global Fraud & Risk Report says 86% of companies worldwide experienced security incidents and information theft and loss in the past twelve months.
eSecurity Planet
JANUARY 24, 2018
Curious about DMARC? Learn how to set up a basic DMARC email security policy, including SPF and DKIM, in this eSecurity Planet tutorial.
Threatpost
JANUARY 26, 2018
Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.
WIRED Threat Level
JANUARY 22, 2018
Pixek, an end-to-end encrypted photo app, could point to the future of searchable cloud data storage.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
JANUARY 26, 2018
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
The Falcon's View
JANUARY 25, 2018
There are shenanigans afoot, I tell ya; shenanigans! I was recently contacted by an intermediary asking if I'd be interested in writing a paid blog post slamming analysts, to be published on my own blog site, and then promoted by the vendor. No real details were given other than the expectation to slam analyst firms, but once I learned who was funding the initiative, it became pretty clear what was going on.
Threatpost
JANUARY 25, 2018
ASUS patched a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root.
WIRED Threat Level
JANUARY 20, 2018
False alarms, free speech, and more of the week's top security news.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Dark Reading
JANUARY 25, 2018
Last year, cybercriminals shifted from consumer to enterprise targets and leveraged ransomware as their weapon of choice.
Spinone
JANUARY 21, 2018
With the technologies in cloud computing moving so fast, and adoption rates increasing rapidly, we can expect to see some exciting developments in 2017. At the same time, security risks are at an all time high and cloud services must constantly battle between developing new innovations and investing in proactive measures to keep cybercriminals out. Many IT specialists are predicting that 2018 will be “the year of the cloud”, as companies increasingly have to deal with the backup need
Threatpost
JANUARY 23, 2018
Widespread reports of reboot issues on some Intel systems force the chip giant to pump the brakes on rolling out patches for side-channel vulnerabilities.
Troy Hunt
JANUARY 24, 2018
Usually when we talk about information security, we're talking about the mechanics of how things work. The attacker broke into a system due to a reused password, there was SQL injection because queries weren't parameterised or the company got ransomware'd because they didn't patch their things. These are all good discussions - essential discussions - but there's a broader and perhaps even more important one that we need to have and that's about the security culture within organisations.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
274 
Let's personalize your content