Sat.Dec 23, 2017 - Fri.Dec 29, 2017

The "Extended Random" Feature in the BSAFE Crypto Library

Schneier on Security

Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS handshake (the "Extended Random" extension), and how that extra exposed output interacts with the NSA's backdoor in the Dual_EC_DRBG random number generator to weaken TLS: the more generator output an eavesdropper sees, the cheaper it is to recover the generator's internal state and predict everything it produces next.
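The mechanism behind that sentence, as an added example written for this page (it is not code from Green's post, from BSAFE, or from any NIST specification): a toy Dual EC generator with a planted trapdoor, and the state-recovery attack the trapdoor enables. The curve, the base point, the secret scalar E and the 10-bit output width are all constructed here so the search runs instantly; the real generator uses NIST P-256 and drops the top 16 bits of each block, so the same search costs about 2^16 curve operations there. Seeing one truncated block stands in for a bare 32-byte client_random; seeing further blocks stands in for the extra generator output Extended Random would have put on the wire. Requires Python 3.8+ for pow(x, -1, m).

```python
"""Toy Dual EC DRBG with a planted trapdoor, plus the state-recovery attack.

Added example; not code from the linked post, BSAFE or NIST.  All parameters
below are constructed toy values, chosen tiny so the attack runs instantly.
"""
from math import gcd

P_MOD = 10007        # prime field size; 10007 % 4 == 3 makes sqrt a single pow
A, B = 2, 3          # toy curve y^2 = x^3 + A*x + B (constructed, not P-256)
OUT_BITS = 10        # low bits of x(s*Q) emitted per block; the rest are dropped
MASK = (1 << OUT_BITS) - 1
INF = None           # point at infinity


def ec_add(p1, p2):
    """Affine point addition (and doubling) on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """A point with x-coordinate x, or None if x is not on the curve."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)       # works because P_MOD % 4 == 3
    return (x, y) if (y * y) % P_MOD == rhs else None


def point_order(pt):
    """Smallest n with n*pt == INF (brute force; fine on a toy curve)."""
    n, acc = 1, pt
    while acc is not INF:
        acc = ec_add(acc, pt)
        n += 1
    return n


def find_generator(min_order=1000):
    """First curve point (by x) whose order is large enough for the demo."""
    for x in range(1, P_MOD):
        pt = lift_x(x)
        if pt is not None:
            n = point_order(pt)
            if n >= min_order:
                return pt, n
    raise RuntimeError("no suitable generator on the toy curve")


# Setup: the published points G and Q look unrelated, but Q = E*G for a secret E,
# so whoever knows D = E^-1 mod N has D*Q == G.  (Toy stand-in for the real P, Q.)
G, N = find_generator()
E = next(e for e in range(12345, 12345 + N) if gcd(e, N) == 1)   # trapdoor holder's secret
Q = ec_mul(E, G)
D = pow(E, -1, N)


def x_coord(k, pt):
    """x-coordinate of k*pt.  On a toy curve k*pt can be INF (negligible at real
    sizes); fall back to pt so generator and attacker stay consistent."""
    r = ec_mul(k % N, pt)
    return (pt if r is INF else r)[0]


class DualEC:
    """Dual EC recurrence with the two per-block steps flattened to
    output-then-update: r = x(s*Q) truncated, then s = x(s*G)."""

    def __init__(self, state):
        self.s = state

    def next_block(self):
        r = x_coord(self.s, Q) & MASK
        self.s = x_coord(self.s, G)
        return r


def recover_states(observed):
    """Every internal state consistent with the observed consecutive blocks.
    More observed output means fewer survivors; that is what Extended Random
    would have handed an eavesdropper."""
    first, rest = observed[0], observed[1:]
    survivors = []
    for hi in range(1 << (P_MOD.bit_length() - OUT_BITS)):   # guess dropped bits
        x = (hi << OUT_BITS) | first
        if x >= P_MOD:
            continue
        point = lift_x(x)
        if point is None:
            continue                                          # not a curve x
        s = x_coord(D, point)          # trapdoor: x(D * s0*Q) == x(s0*G) == next state
        g = DualEC(s)
        if all(g.next_block() == blk for blk in rest):
            survivors.append(s)
    return survivors


def predict_next(observed):
    """Set of values a trapdoor holder predicts for the block after `observed`."""
    preds = set()
    for s in recover_states(observed):
        g = DualEC(s)
        for _ in observed[1:]:
            g.next_block()
        preds.add(g.next_block())
    return preds


if __name__ == "__main__":
    gen = DualEC(2017)                              # constructed seed
    blocks = [gen.next_block() for _ in range(4)]
    print("candidates from one block:", len(recover_states(blocks[:1])),
          "after a second block:", len(recover_states(blocks[:2])))
    print("predicted 4th block:", predict_next(blocks[:3]), "actual:", blocks[3])
```

Running it prints how many candidate states survive a single truncated block versus two, then the predicted next block against the real one. Everything after setup is public except D, which is exactly the asymmetry Green describes: anyone without D faces a hard discrete-log problem, while the holder of D recovers the state from a few exposed bytes.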

163

Weekly Update 67

Troy Hunt

It's Xmas! Well, it was Xmas but I (and hopefully you too) am still in that Xmas period haze where it's hard to tell one day from the next. Apparently, it's also hard to remember to hit record before talking about this week's updates so yeah, good one Troy! But I did eventually record a full update and in an otherwise slow news week, I thought I'd talk a little bit about Xmas down under in Australia.

135

Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet

WIRED Threat Level

Researchers found that network configuration errors have left thousands of high-end speakers open to epic audio pranking.

Internet 110

Leaky RootsWeb Server Exposes Some Ancestry.com User Data

Threatpost

Ancestry.com closes parts of its community-driven genealogy site RootsWeb as it investigates a leaky server that exposed thousands of passwords, email addresses and usernames to the public internet.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Acoustical Attacks against Hard Drives

Schneier on Security

Interesting destructive attack: "Acoustic Denial of Service Attacks on HDDs": Abstract: Among storage components, hard disk drives (HDDs) have become the most commonly-used type of non-volatile storage due to their recent technological advances, including, enhanced energy efficacy and significantly-improved areal density. Such advances in HDDs have made them an inevitable part of numerous computing systems, including, personal computers, closed-circuit television (CCTV) systems, medical bedsi

New Pluralsight Course: Care and Maintenance of Development VMs

Troy Hunt

Regular readers will know I create a lot of Pluralsight courses. It's now 5 years since I started writing my first one, which, incidentally, is still my highest rated course every month (apparently the OWASP Top 10 as it relates to ASP.NET is still a big thing). Most of the time, the courses I create are on topics I know well, primarily on security but occasionally with a bit of cloud and development practices sprinkled in for variety.

120

More Trending

Code Used in Zero Day Huawei Router Attack Made Public

Threatpost

Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public.

IoT 85

Post-Quantum Algorithms

Schneier on Security

NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions; details of the NIST effort and a timeline for the new algorithms are on NIST's post-quantum cryptography pages.

126

Two Contrarian Thinkers who went Unheeded

Troy Hunt

Lord Lansdowne. Henry Charles Keith Petty-Fitzmaurice (1845 – 1927), the 5th Marquess of Lansdowne, was a distinguished British statesman who held senior positions in both Liberal Party and Conservative Party governments. He had served as the fifth Governor General of Canada, Viceroy of India, Secretary of State for War, and Secretary of State for Foreign Affairs.

The Section 702 Surveillance Debate Has Taken Place in the Dark

WIRED Threat Level

As the debate over Section 702 continues, those deciding its fate don't know basic facts about how it works.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development, with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code they use and underestimate their dependency on it. As enterprises expand their use of open-source software, they face a new challenge: understanding the scope of open-source software in use throughout the organization and the corresponding exposure.

The One Content Trend Essential to a Marketing Strategy in 2018

eSecurity Planet

As we inch closer to the end of the year, all brands have their eyes on the evolving marketing trends for 2018. To prepare, teams often start by brainstorming answers. The post The One Content Trend Essential to a Marketing Strategy in 2018 appeared first on Kapost Content Marketing Blog.

"Santa Claus is Coming to Town" Parody

Schneier on Security

Funny.

21st Century Oncology Faces $2.3M HIPAA Settlement Cost after Breach

Dark Reading

Company to pay US Department of Health and Human Services over potential HIPAA violations after patient medical data was stolen by cyberthieves.

53

France Goes After WhatsApp For Sharing Data With Facebook, and More Security News This Week

WIRED Threat Level

A fake *Cuphead*, a WhatsApp privacy blow-up, and more of the week's top security news.

90

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can capture protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users enter on those pages, and so can violate the HIPAA Rules as applied in HHS's guidance on the use of online tracking technologies by HIPAA covered entities and business associates.

Almost a Third of All U.S. Businesses Were Breached in 2017

eSecurity Planet

And almost half of those breaches were caused by a third-party vendor or contractor.

65

How to Prevent Zero Day Attacks?

Spinone

Computer software is often exposed to attack, for reasons internal or external to the organization running it. One class of attack exploits a security hole in the software itself. A zero-day vulnerability is such a hole for which the vendor has not yet released a fix, so there is no patch to apply when attackers begin exploiting it.

Handi Life Sport explores use of 3D printing for producing boccia balls for paralympic athletes

Dark Reading

When you think of bocce or pétanque, it is hard not to think of groups of retired men, sipping on cool drinks and tossing balls in the shade of a park. It’s as though the casual sport is stuck in the past—in a good way, to be sure.

42

The Most-read WIRED Security Stories of 2017

WIRED Threat Level

Numerous tales of hacking and breaches prove just how permeable the digital membrane can be.

Hacking 81

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, "Do you know what's in your software?"

84 Percent of U.S. Healthcare Providers Have No Cyber Security Leader

eSecurity Planet

And just 11 percent plan to add one in the coming year.

Mozilla Patches Critical Bug in Thunderbird

Threatpost

Mozilla has patched one critical vulnerability in its Thunderbird email client along with two bugs rated high.

Hacking 51

Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation

Dark Reading

Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.

44

How we ended up in an era of intentional ignorance

WIRED Threat Level

Here's a six-month-old essay about online media that resonated with me for a couple of reasons. Firstly, because I was an early-ish analyst blogger in the learning space (2006) and blogged the same way the writer did back then (quick commentary vs in-depth analysis), and secondly, it's a sad and accurate story of how we got to where we are today: from WordPress-powered "Hello World" reflective blogs to memes and to trolls on Reddit, basically a whole bunch o

Media 40

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

DDoS Attacks Increasingly Blended Multiple Attack Vectors in Q3 2017

eSecurity Planet

The overall number of attacks rose by 15.6 percent over the previous quarter.

DDOS 45

Friday Squid Blogging: Squid Populations Are Exploding

Schneier on Security

New research: "Global proliferation of cephalopods". Summary: Human activities have substantially changed the world's oceans in recent decades, altering marine food webs, habitats and biogeochemical processes. Cephalopods (squid, cuttlefish and octopuses) have a unique set of biological traits, including rapid growth, short lifespans and strong life-history plasticity, allowing them to adapt quickly to changing environmental conditions.

115

China Shuts Down 13,000 Websites for Breaking Internet Laws

Dark Reading

The government says its rules are to protect security and stability, but some say they are repressive.

The Most Dangerous People on the Internet in 2017: Donald Trump, Russian Hackers, and More

WIRED Threat Level

From Donald Trump to Russian hackers, these are the dangerous characters we’ve been watching online in 2017.

Internet 103

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about "compliance and security," most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it's more important than ever that safeguards are in place. Let's step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

2018 Employment Market Forecast is Looking Good

eSecurity Planet

Good news for the employment market and recruiting industry moving into 2018 with employers in all US regions and industry sectors expected to increase staff. The manufacturing and construction industries in particular are experiencing a rejuvenation leading to a marked increase in job openings within those sectors. The overall unemployment rate is expected to continue to drop over the next two years.

Profile of Reality Winner

Schneier on Security

New York Magazine published an excellent profile of the single-document leaker Reality Winner.

114