Sat. Dec 28, 2019 - Fri. Jan 03, 2020

The United Kingdom Leaks Home Addresses of Prominent Brits

Adam Levin

2020 seems to be getting off to an inauspicious start with the compromise of the home addresses of prominent UK citizens–many of them in lines of work that could make them targets for crime. The UK Cabinet Office issued an apology after a data leak that involved the exact addresses (including house and apartment numbers) of more than 1,000 New Year Honours recipients.

Hacking School Surveillance Systems

Schneier on Security

Lance Vick suggesting that students hack their schools' surveillance systems. "This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said. Of course, there are a lot more laws in place against this sort of thing than there were in -- say -- the 1980s, but it's still worth thinking about.

Weekly Update 172

Troy Hunt

I couldn't get 2 days into the new decade without having to deal with ridiculous password criteria from Tik Tok followed by my phone automatically associating with what it thought was my washing machine whilst in a grocery store on the other side of the world (yep, you read that correctly). It somehow seems to just be reflective of how crazy online security is becoming in the modern era.

How to change the HTTP listening port in Apache

Tech Republic Security

If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Happy 10th Birthday, KrebsOnSecurity.com

Krebs on Security

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been. Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its inception, the site has attracted more than 37,000 newsletter subscribers, and nearly 100 million pageviews generated by roughly 40 million unique

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism. Physical security is often a second thought when it comes to information security.

More Trending

3 security tips to protect yourself from skimming attacks

Tech Republic Security

E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.

What’s In Your Business Plan? California’s Privacy Law Goes Into Effect

Adam Levin

California’s groundbreaking privacy law went into effect January 1, 2020. The California Consumer Privacy Act (CCPA) requires businesses to inform state residents if their data is being monetized as well as to provide them with a clearly stated means of opting out from the collection of their data and/or having it deleted. Businesses not in compliance with CCPA regulations may be fined by the state of California and sued by its residents.

Mysterious Drones are Flying over Colorado

Schneier on Security

No one knows who they belong to. (Well, of course someone knows. And my guess is that it's likely that we will know soon.)

Echo, Threat Modeling and Privacy

Adam Shostack

I’m featured in (local NPR Affiliate) KUOW’s Primed: Season 3, Episode 8. I appreciate how the sense of fun that many security people bring to their work comes through. For me, it was fun learning about how Elevation of Privilege works for non-techies. (Spoiler: not super-well, you need to select the cards pretty carefully. Maybe there’s another game there?)

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

2020 Cybersecurity Trends to Watch

Threatpost

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

A new trojan Lampion targets Portugal

Security Affairs

A new trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. The last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. SI-LAB noted that Portuguese users were targeted with malscam messages that reported issues related to a debt of the year 2018.

Unsupervised Learning: No. 209

Daniel Miessler

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

TikTok Banned By U.S. Army Over China Security Concerns

Threatpost

The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform's relationship with China grows.

Crooks use Star Wars saga as bait in Phishing and malware attacks

Security Affairs

Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware. Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie. Experts at Kaspersky have analyzed some threats that exploit the new Star Wars movie The Rise of Skywalker as bait for unaware users.

How the US Prepares Its Embassies for Potential Attacks

WIRED Threat Level

In addition to securing physical structures, the Diplomatic Security Service runs simulations of protests in a model city in Virginia.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Alert overload is burning out security analysts

Tech Republic Security

Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.

Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless

Threatpost

Days before Christmas, employees found out that The Heritage Company had been hit by a ransomware attack and was "temporarily suspending operations."

Irish National Cyber Security Strategy warns of attacks on Irish data centres

Security Affairs

The Irish government has published its National Cyber Security Strategy, it is an update of the country’s first Strategy which was published in 2015. The 2019 National Cyber Security Strategy aims to allow Ireland to continue to safely enjoy the benefits of the digital revolution and play a full part in shaping the future of the Internet. The report warns the national economy and the confidence in the State would be undermined by a major cyber attack on one of the numerous data centers t

How AI and Cybersecurity Will Intersect in 2020

Dark Reading

Understanding the new risks and threats posed by increased use of artificial intelligence.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How to install and use git-secret

Tech Republic Security

Learn how to gain more security in your git repository with the help of the git-secret tool.

The Most Dangerous People on the Internet This Decade

WIRED Threat Level

In the early aughts the internet was less dangerous than it was disruptive. That's changed.

Vladimir Putin’s computers still run Windows XP, Media reports

Security Affairs

Russia is one of the most advanced cyber states, but according to the media President Vladimir Putin’s personal PC is apparently still running Win XP. The news is curious and it probably has little real if not the fact that Vladimir Putin is not a super cyber security expert, although he knows its importance very well. According to the Russian website Open Media, President Putin’s computers in his office at the Kremlin office and at his official residence are still running Windows X

6 CISO New Year's Resolutions for 2020

Dark Reading

We asked chief information security officers how they plan to get their infosec departments in shape next year.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How to choose the best MDM partner: 5 key considerations

Tech Republic Security

Here's what organizations considering using a mobile device management server should keep in mind.

Top Mobile Security Stories of 2019

Threatpost

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost's Top 10 mobile security stories of 2019.

A Ryuk Ransomware attack took down a US maritime facility

Security Affairs

A Ryuk Ransomware attack has taken down the corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. Ryuk Ransomware continues to infect systems worldwide, the U.S. Coast Guard (USCG) announced that the malware took down the corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. “The purpose of this bulletin is to inform the maritime community of a recent incident involving a ransomware intrusion at a Maritime Transportati

How Cybersecurity's Metrics of Misery Fail to Describe Cybercrime Pain

Dark Reading

Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.