Sat. Dec 02, 2017 - Fri. Dec 08, 2017

"Crypto" Is Being Redefined as Cryptocurrencies

Schneier on Security

I agree with Lorenzo Franceschi-Bicchierai, "Cryptocurrencies aren't 'crypto'": Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word "crypto" as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word "cryptocurrency" -- which probably shouldn't even be called "currency," by the way. [...]

Quantum Computing Is the Next Big Security Risk

WIRED Threat Level

Opinion: Rep. Will Hurd of Texas argues that quantum computers will rock current security protocols that protect government and financial systems.

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-of-Things devices. At its peak in September 2016, Mirai temporarily crippled several high-profile services such as OVH, Dyn, and

NIST Releases New Cybersecurity Framework Draft

Dark Reading

Updated version includes changes to some existing guidelines - and adds some new ones.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Germany Preparing Backdoor Law

Schneier on Security

The German Interior Minister is preparing a bill that allows the government to mandate backdoors in encryption. No details about how likely this is to pass. I am skeptical.

Ethiopian Espionage Shows Commercial Spyware Is Out of Control

WIRED Threat Level

Opinion: A new report from Citizen Lab shows that governments are using commercial spyware to surveil dissidents and journalists.

54 Percent of Energy Companies Lack Security Skills for IoT

eSecurity Planet

Just 2 percent say IoT presents no new security challenges.

Matt Blaze on Securing Voting Machines

Schneier on Security

Matt Blaze's House testimony on the security of voting machines is an excellent read. (Details on the entire hearing are here.) I have not watched the video.

‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs

WIRED Threat Level

The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol.

Study: Simulated Attacks Uncover Real-World Problems in IT Security

Dark Reading

Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Half of U.S. Companies Face Serious Challenges in Becoming GDPR Compliant

eSecurity Planet

The deadline is less than six months away.

Security Vulnerabilities in Certificate Pinning

Schneier on Security

New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper: Abstract: Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of certificate hostname verification but, in general, this is easy to detect.

Phishing Schemes Are Using HTTPS Encrypted Sites to Seem Legit

WIRED Threat Level

A green padlock might make it seem like a site is secure, but increasingly phishers are using it to lure victims into giving up sensitive info.

Leveraging PCI DSS Principles for General Data Protection

Thales Cloud Protection & Licensing

In the month of November, I wrote about the options available specifically to secure data as part of a PCI DSS compliance effort. In this blog, I explore ideas for how the technology in question can be leveraged effectively for much broader general data protection requirements that are equally important for a wide variety of organizations. The benefits of thinking beyond PCI DSS.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cryptocurrencies in the Crosshairs: NiceHash Breach Results in Theft of $83 Million

eSecurity Planet

The 4,736 Bitcoin stolen from NiceHash have surged in value over the past few days.

Why Cybersecurity Must Be an International Effort

Dark Reading

The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.

A New Bill Wants Jail Time for Execs Who Hide Data Breaches

WIRED Threat Level

A bill to punish hack hiders, Apple bug fix bumbling, and more of the week's top security stories.

TeamViewer Rushes Fix for Permissions Bug

Threatpost

TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other’s computer without permission.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Google Patches Android for 47 Vulnerabilities in Final Update for 2017

eSecurity Planet

Google ends 2017 the same way it began the year, by patching media framework flaws.

Ransomware Meets 'Grey's Anatomy'

Dark Reading

Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.

Microsoft's Project Sopris Could Secure the Next Generation of IoT

WIRED Threat Level

With Project Sopris, Microsoft has a new hardware solution for the next wave of IoT security problems.

Android Flaw Poisons Signed Apps with Malicious Code

Threatpost

An Android vulnerability called Janus allows attackers to inject malicious code into signed Android apps.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Where Armis is Taking IoT Security Next

eSecurity Planet

VIDEO: Nadir Izrael, co-founder and CTO of Armis Security, discusses the evolving landscape for Internet of Things security.

FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations

Dark Reading

Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.

Ghostery 8 Deploys Artificial Intelligence in the Fight Against Ad Trackers

WIRED Threat Level

With the release of Ghostery 8, the popular ad-blocker introduces artificial intelligence and Smart Mode, a whole new level of usability for beginners.

Banking Apps Found Vulnerable to MITM Attacks

Threatpost

Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Online Fraud Dropped 33 Percent Between Black Friday and Cyber Monday

eSecurity Planet

It also dropped throughout 2017, a recent study found.

NSA Employee Pleads Guilty to Illegally Retaining National Defense Secrets

Dark Reading

Nghia Hoang Pho faces up to eight years in prison for removing highly classified NSA data from workplace and storing it at home.

APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure

WIRED Threat Level

A new Iran-linked hacking group called APT 34 has been spotted lurking in the networks of financial, energy, telecom, and chemical companies.

Google Patches Critical Encryption Bug Impacting Pixel, Nexus Phones

Threatpost

As part of its December Android and Pixel/Nexus security updates, Google has issued patches addressing a bevy of flaws, 11 of which are rated critical.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!