Schneier on Security
OCTOBER 15, 2018
If you're an American of European descent, there's a 60% you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. Research paper : "Identity inference of genomic data using long-range familial searches." Abstract: Consumer genomics databases have reached the scale of millions of individuals.
Adam Levin
OCTOBER 19, 2018
The social media companies Facebook and Reddit are publicizing “War Rooms” set up to closely monitor their network content for election tampering. Facebook in particular experienced significant backlash for their site’s role in disseminating information created by Russian “troll farms” where false and misleading new stories and advertisements were propagated to discredit then-candidate Hillary Clinton as well as to foment general disagreement and conflict across the United States.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
OCTOBER 13, 2018
I'm in Texas! And I've had enough BBQ to last me a very long time. I'm here doing a couple of speaking events and other related things as well as taking some time out with my wife to see the sites. As such, it's a bit quieter this week but there's still a couple of things I reckon are worthy of discussion. Just before jumping on the plane over here I pushed out a blog post on how my approach to callbacks in HIBP broke Mozilla's service which in turn broke my Azure Function.
The Last Watchdog
OCTOBER 17, 2018
Being the obvious target that it is, the U.S. Department of Defense presumably has expended vast resources this century on defending its digital assets from perennial cyber attacks. Related: Why carpet bombing email campaigns endure. And yet two recent disclosures highlight just how brittle the military’s cyber defenses remain in critical areas. By extension these developments are yet another reminder of why constantly monitoring and proactively defending business networks must be a prime direct
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
OCTOBER 19, 2018
This is crazy (and dangerous). West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain -- presumably because they have no idea what the security issues with voting actually are.
Adam Shostack
OCTOBER 16, 2018
I’m pleased to be able to share work that Shostack & Associates and the Cyentia Institute have been doing for the Global Cyber Alliance. In doing this, we created some new threat models for email, and some new statistical analysis of. It shows the 1,046 domains that have successfully activated strong protection with GCA’s DMARC tools will save an estimated $19 million to $66 million dollars from limiting BEC for the year of 2018 alone.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Dark Reading
OCTOBER 15, 2018
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
Schneier on Security
OCTOBER 16, 2018
Ross Anderson has some new work : As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow leopards, for elephants and rhinos and even for tortoises and sharks.
Adam Shostack
OCTOBER 17, 2018
The fine folks at Logmein have released a version of Elevation of Privilege that adds privacy! Check out the fine work by Mark Vinkovits at their blog, by Mark Vinkovits.
Security Affairs
OCTOBER 17, 2018
Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs. The exploitation of this vulnerability could cause major problems on the Internet. “A proof of concept (POC) made in only one XLabs server generated a traffic of 69 gigabits per second,” Mauricio told Cibersecurity.net.br.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
PerezBox Security
OCTOBER 13, 2018
As a parent, and a technologist, I struggle with creating a safe online experience at home. I’m constantly playing with different technologies – hardware and software – trying to find. Read More. The post Creating a Safe Online Experience At Home appeared first on PerezBox.
Schneier on Security
OCTOBER 18, 2018
This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now.
WIRED Threat Level
OCTOBER 19, 2018
The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity.
Security Affairs
OCTOBER 16, 2018
Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk. Here’s how the cybercriminals attack user on these open networks. The free Wi-Fi is one of the catchiest things for the users in today’s world. This is the main reason why so many free public Wi-Fi can be found without much of a problem. It is not only free but convenient to use these open networks.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
OCTOBER 15, 2018
New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.
Schneier on Security
OCTOBER 14, 2018
This is a current list of where and when I am scheduled to speak: I'm speaking at Data in Smarter Cities in New York City on October 23, 2018. I'm speaking at the Cyber Security Summit in Minneapolis, Minnesota on October 24, 2018. I'm speaking at ISF's 29th Annual World Congress in Las Vegas, Nevada on October 30, 2018. I'm speaking at Kiwicon in Wellington, New Zealand on November 16, 2018.
WIRED Threat Level
OCTOBER 13, 2018
With the exception of President Trump’s legal team, no one has been watching the Mueller investigation more closely than Garrett Graff.
Security Affairs
OCTOBER 17, 2018
The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. The Secure Shell (SSH) implementation library, the Libssh, is affected by a four-year-old severe vulnerability that could be exploited by attackers to completely bypass authentication and take over a vulnerable server without requiring a password.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
OCTOBER 15, 2018
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
Thales Cloud Protection & Licensing
OCTOBER 16, 2018
This October marks the 15 th year of Cybersecurity Awareness Month. While we in the industry know that cybersecurity is a 365 day a year commitment, I’m happy to use October as the platform to remind small and medium sized businesses (SMBs) what they could and should be doing to keep their company, employees and customer data safe. Take a page from the enterprise.
Threatpost
OCTOBER 16, 2018
Support for PHP 5.6 drops on December 31 - but a recent report found that almost 62 percent of websites are still using version 5.
Security Affairs
OCTOBER 17, 2018
Researchers from the Silesian University of Technology in Poland discovered several flaws that could be exploited to take over some D-Link routers. A group of researchers from the Silesian University of Technology in Poland has discovered three vulnerabilities in some models of D-Link routers that could be chained to take full control over the devices.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
OCTOBER 18, 2018
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
Thales Cloud Protection & Licensing
OCTOBER 18, 2018
As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. Lines are now blurred between physical and digital experiences. And criminals are moving online. At the same time, customers expect faster checkout and order fulfillment, both online and offline.
WIRED Threat Level
OCTOBER 19, 2018
A new report suggests that spammers, not nation states, may have been behind the Facebook hack. That could be even worse news.
Security Affairs
OCTOBER 18, 2018
Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy. Security experts from ESET published a detailed analysis of a recently discovered threat actor tracked as GreyEnergy, its activity emerged in concurrence with BlackEnergy operations. ESET researchers have spotted a new strain of malware tracked as Exaramel that links the not Petya wiper to the Industroyer ICS malware.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Dark Reading
OCTOBER 18, 2018
US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
Threatpost
OCTOBER 17, 2018
The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors.
eSecurity Planet
OCTOBER 18, 2018
We take an in-depth look at AlienVault Unified Security Management (USM), a lower-cost SIEM option thanks to its open source Open Threat Exchange (OTX).
Security Affairs
OCTOBER 15, 2018
The Security Service of Ukraine (SBU) uncovered a new targeted attack launched by BlackEnergy APT on the IT systems of Ukrainian government entities. The Security Service of Ukraine (SBU) uncovered a new targeted attack on the information and telecommunication systems of Ukrainian government entities. The SBU attributed the attack to the BlackEnergy Russia-linked APT group. “The Security Service of Ukraine has received more evidence of the aggressive actions of Russian intelligence service
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
246 
Let's personalize your content