Sat.Dec 02, 2017 - Fri.Dec 08, 2017

"Crypto" Is Being Redefined as Cryptocurrencies

Schneier on Security

I agree with Lorenzo Franceschi-Bicchierai, "Cryptocurrencies aren't 'crypto'": Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word "crypto" as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word "cryptocurrency" -- which probably shouldn't even be called "currency," by the way. […]

‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs

WIRED Threat Level

The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol.

Study: Simulated Attacks Uncover Real-World Problems in IT Security

Dark Reading

Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.

TeamViewer Rushes Fix for Permissions Bug

Threatpost

TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other’s computer without permission.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Germany Preparing Backdoor Law

Schneier on Security

The German Interior Minister is preparing a bill that allows the government to mandate backdoors in encryption. No details about how likely this is to pass. I am skeptical.

Quantum Computing Is the Next Big Security Risk

WIRED Threat Level

Opinion: Rep. Will Hurd of Texas argues that quantum computers will rock current security protocols that protect government and financial systems.

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices.

Security Vulnerabilities in Certificate Pinning

Schneier on Security

New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper : Abstract : Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of certificate hostname verification but, in general, this is easy to detect.

Phishing Schemes Are Using HTTPS Encrypted Sites to Seem Legit

WIRED Threat Level

A green padlock might make it seem like a site is secure, but increasingly phishers are using it to lure victims into giving up sensitive info.

Ransomware Meets 'Grey's Anatomy'

Dark Reading

Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Banking Apps Found Vulnerable to MITM Attacks

Threatpost

Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks.

Matt Blaze on Securing Voting Machines

Schneier on Security

Matt Blaze's House testimony on the security of voting machines is an excellent read. (Details on the entire hearing are here.) I have not watched the video.

Ethiopian Espionage Shows Commercial Spyware Is Out of Control

WIRED Threat Level

Opinion: A new report from Citizen Lab shows that governments are using commercial spyware to surveil dissidents and journalists.

How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine

Dark Reading

Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip's firmware can be abused to take control of a machine - even when it's turned 'off'.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Google Cracks Down On Nosy Android Apps

Threatpost

Google beefs up privacy protections on apps distributed via third-party Android marketplaces and Google Play that collect personal data without user consent.

ProcDump for Linux v3.0 releases: Linux version of the ProcDump Sysinternals tool

Penetration Testing

ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals Suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their applications based...

Ghostery 8 Deploys Artificial Intelligence in the Fight Against Ad Trackers

WIRED Threat Level

With the release of Ghostery 8, the popular ad-blocker introduces artificial intelligence and Smart Mode, a whole new level of usability for beginners.

The Rising Dangers of Unsecured IoT Technology

Dark Reading

As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Apple Fixes Flaw Impacting HomeKit Devices

Threatpost

Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers.

Are You Ready for PCI DSS 3.2?

NopSec

The updated PCI 3.2 requirements are coming to a head with a deadline this February 1st, 2018. While we’re sure that you’ve already started preparing for these new requirements, there may still be some areas that need more attention. This blog post is a quick list of the new requirements found in PCI DSS version 2, and how NopSec can help you get some of them in place quickly before the deadline.

APT 34 Is an Iran-Linked Hacking Group That Probes Critical Infrastructure

WIRED Threat Level

A new Iran-linked hacking group called APT 34 has been spotted lurking in the networks of financial, energy, telecom, and chemical companies.

Why Cybersecurity Must Be an International Effort

Dark Reading

The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Google Patches Critical Encryption Bug Impacting Pixel, Nexus Phones

Threatpost

As part of its December Android and Pixel/Nexus security updates, Google has issued patches addressing a bevy of flaws, 11 of which are rated critical.

Where Armis is Taking IoT Security Next

eSecurity Planet

VIDEO: Nadir Izrael, co-founder and CTO of Armis Security, discusses the evolving landscape for Internet of Things security.

A New Bill Wants Jail Time for Execs Who Hide Data Breaches

WIRED Threat Level

A bill to punish hack hiders, Apple bug fix bumbling, and more of the week's top security stories.

Conficker: The Worm That Won't Die

Dark Reading

More than nine years after it infected millions of systems worldwide, the malware continues to be highly active, according to a Trend Micro report.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Ursnif Trojan Adopts New Code Injection Technique

Threatpost

Researchers have found a variant of Ursnif Trojan they said is a “v3 build” that targets Australian bank customers with new redirection attack techniques.

Cryptocurrencies in the Crosshairs: NiceHash Breach Results in Theft of $83 Million

eSecurity Planet

The 4,736 Bitcoin stolen from NiceHash have surged in value over the past few days.

Microsoft's Project Sopris Could Secure the Next Generation of IoT

WIRED Threat Level

With Project Sopris, Microsoft has a new hardware solution for the next wave of IoT security problems.

Cyberattack: It Can't Happen to Us (Until It Does)

Dark Reading

Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.