Sat. Dec 28, 2019 - Fri. Jan 03, 2020

The United Kingdom Leaks Home Addresses of Prominent Brits

Adam Levin

2020 seems to be getting off to an inauspicious start with the compromise of the home addresses of prominent UK citizens–many of them in lines of work that could make them targets for crime. The UK Cabinet Office issued an apology after a data leak that involved the exact addresses (including house and apartment numbers) of more than 1,000 New Year Honours recipients.

How to change the HTTP listening port in Apache

Tech Republic Security

If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.

Hacking School Surveillance Systems

Schneier on Security

Lance Vick suggesting that students hack their schools' surveillance systems. "This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said. Of course, there are a lot more laws in place against this sort of thing than there were in -- say -- the 1980s, but it's still worth thinking about.

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism. Physical security is often a second thought when it comes to information security.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Happy 10th Birthday, KrebsOnSecurity.com

Krebs on Security

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been. Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its inception, the site has attracted more than 37,000 newsletter subscribers, and nearly 100 million pageviews generated by roughly 40 million unique

Weekly Update 172

Troy Hunt

I couldn't get 2 days into the new decade without having to deal with ridiculous password criteria from Tik Tok followed by my phone automatically associating with what it thought was my washing machine whilst in a grocery store on the other side of the world (yep, you read that correctly). It somehow seems to just be reflective of how crazy online security is becoming in the modern era.

More Trending

3 security tips to protect yourself from skimming attacks

Tech Republic Security

E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.

Threat Modeling Thursday: Machine Learning

Adam Shostack

For my first blog post of 2020, I want to look at threat modeling machine learning systems. Microsoft recently released a set of documents including “Threat Modeling AI/ML Systems and Dependencies” and “Failure Modes in Machine Learning” (the latter also available in a more printer-friendly version at arxiv). These build on last December’s “Securing the Future of Artificial Intelligence and Machine Learning at Microsoft.” First and foremost, I’

Weekly Update 171

Troy Hunt

Sitting down to do this one today I thought it would be brief, turns out a bit more ended up on the agenda than I expected. The GoGetSSL bit in particular was unfolding as I recorded and to their credit, they later apologised for their "rude messages" which is a good sign. I still intend to finish writing up the blog post because the issues they've raised need tackling, but as with the Sophos example I also talk about, it's good to see a bit of humility (I've certainly been there myself before).

Mysterious Drones are Flying over Colorado

Schneier on Security

No one knows who they belong to. (Well, of course someone knows. And my guess is that it's likely that we will know soon.).

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

What’s In Your Business Plan? California’s Privacy Law Goes Into Effect

Adam Levin

California’s groundbreaking privacy law went into effect January 1, 2020. The California Consumer Privacy Act (CCPA) requires businesses to inform state residents if their data is being monetized as well as to provide them with a clearly stated means of opting out from the collection of their data and/or having it deleted. Businesses not in compliance with CCPA regulations may be fined by the state of California and sued by its residents.

2020 Cybersecurity Trends to Watch

Threatpost

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

Crooks use Star Wars saga as bait in Phishing and malware attacks

Security Affairs

Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware. Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie. Experts at Kaspersky have analyzed some threats that exploit the new Star Wars movie The Rise of Skywalker as bait for unaware users.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Alert overload is burning out security analysts

Tech Republic Security

Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.

How AI and Cybersecurity Will Intersect in 2020

Dark Reading

Understanding the new risks and threats posed by increased use of artificial intelligence.

TikTok Banned By U.S. Army Over China Security Concerns

Threatpost

The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform's relationship with China grows.

US Army banned the popular TikTok app over China security concerns

Security Affairs

The U.S. Army this week has banned the popular TikTok app from government mobile amid fear of China-linked cyberespionage. The US Army has banned the use of the popular TikTok app on mobile phones used by its personnel for security reasons. TikTok is a social media app that allows its users to create and share short form videos. The app developed by the Chinese firm ByteDance has over 1.3 billion installs worldwide, it has come under close scrutiny in the US and other countries for its alleged l

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

How to install and use git-secret

Tech Republic Security

Learn how to gain more security in your git repository with the help of the git-secret tool.

Unsupervised Learning: No. 209

Daniel Miessler

Echo, Threat Modeling and Privacy

Adam Shostack

I’m featured in (local NPR Affiliate) KUOW’s Primed: Season 3, Episode 8. I appreciate how the sense of fun that many security people bring to their work comes through. For me, it was fun learning about how Elevation of Privilege works for non-techies. (Spoiler: not super-well, you need to select the cards pretty carefully. Maybe there’s another game there?).

Cisco addresses several flaws in its DCNM product

Security Affairs

Cisco has released software updates for its Data Center Network Manager (DCNM) product to address several critical and high-severity issues. Cisco has released software updates that address several critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) product. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service by the security researcher Steven Seeley of Source Incite and Harrison Neal fro

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

How to choose the best MDM partner: 5 key considerations

Tech Republic Security

Here's what organizations considering using a mobile device management server should keep in mind.

How the US Prepares Its Embassies for Potential Attacks

WIRED Threat Level

In addition to securing physical structures, the Diplomatic Security Service runs simulations of protests in a model city in Virginia.

6 CISO New Year's Resolutions for 2020

Dark Reading

We asked chief information security officers how they plan to get their infosec departments in shape next year.

Expert finds Starbucks API Key exposed online

Security Affairs

Developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The development team at Starbucks left exposed an API key that could be used by an attacker to access company internal systems and manipulate the list of authorized users. The issue was discovered by the security expert Vinoth Kumar, he found the key in a public GitHub repository.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

The Most Dangerous People on the Internet This Decade

WIRED Threat Level

In the early aughts the internet was less dangerous than it was disruptive. That's changed.

Fraud in the New Decade

Dark Reading

Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth

Travelex currency exchange suspends services after malware attack

Security Affairs

The Travelex currency exchange has been forced offline following a malware attack launched on New Year’s Eve. This week, the UK-based currency exchange Travelex announced that it has shut down its services as a “precautionary measure” following a malware attack. Statement on IT issues affecting Travelex Services pic.twitter.com/rpKagJLykn — Travelex UK (@TravelexUK) January 2, 2020.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!