2021

Will Artificial Intelligence Help or Hurt Cyber Defense?

Lohrman on Security

The world seems focused on new developments in artificial intelligence to help with a wide range of problems, including staffing shortages. But will AI help or harm security teams

‘Trojan Source’ Bug Threatens the Security of All Code

Krebs on Security

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Your Work Email Address is Your Work's Email Address

Troy Hunt

When the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read.

The Top 22 Security Predictions for 2022

Lohrman on Security

What will the New Year bring in cyber space? Here’s your annual roundup of the top security industry forecasts, trends and cybersecurity prediction reports for calendar year 2022

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

How to Avoid Being Scammed When Giving Charity

Joseph Steinberg

Giving Tuesday has arrived… and, so have many criminals who seek to exploit people’s sense of generosity.

Scams 263

What Does It Take to Be a Cybersecurity Professional?

Lohrman on Security

With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job — or better yet a career. Here’s my perspective

More Trending

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

Joseph Steinberg

Cyber Attacks: Is the ‘Big One’ Coming Soon?

Lohrman on Security

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

I've spent more time IoT'ing my house over the last year than any sane person ever should. But hey, it's been strange times for all of us and it's kept me entertained whilst no longer travelling.

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

Schneier on Security

Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3,

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Colonial Pipeline, Darkside and Models

Adam Shostack

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside. Blog posts from Sophos and Mandiant seem really useful!

Stealing More SRE Ideas for Your SOC

Anton on Security

As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ), your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution.

Android App Infects Up To 10 Million Users with Update

Adam Levin

An Android app with over 10 million installations spread malware to its users in a recent update. Barcode Scanner is an app available in the Google Play store for Android devices. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising.

Adware 247

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information.

Mobile 230

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

I’ve made it!

Javvad Malik

First off, happy new year! Well if the tax man can start the new year in April, I can start it on Feb 11th!). Secondly, Infosecurity Magazine was ever so kind as to feature an interview with me in the Q1, 2021, Voume 18, Issue 1 edition.

206
206

A @TomNomNom Recon Tools Primer

Daniel Miessler

There are recon tools, and there are recon tools. tomnomnom —also called Tom Hudson—creates the latter. I have great respect for large, multi-use suites like Burp , Amass , and Spiderfoot , but I love tools with the Unix philosophy of doing one specific thing really well.

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

Scams 285

Billion Dollar CyberSecurity Annual Budgets Have Arrived

Joseph Steinberg

Major American banks and various other parties serving them are each spending $1 Billion per year on cybersecurity, according to Bank of America’s CEO, Brian Moynihan.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

As Ransomware Surge Continues, Where Next for Government?

Lohrman on Security

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7%

Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

Schneier on Security

Fascinating research: “ Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.” ” Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population.

“Better OKRs Through Threat Modeling”

Adam Shostack

Abhay Bhargav has a really excellent post on Better OKRs for Security through Effective Threat Modeling. I really like how he doesn’t complain about the communication issues between security and management, but offers up a concrete suggestion for improvement. Key quote: “Effective Threat Modeling by itself can ensure that your OKRs and AppSec Program are not only in great tactical shape, but also help define a strategic roadmap for your AppSec Program.”

193
193

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…

Anton on Security

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today.

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Adam Levin

You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. .

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

There’s no doubt, the increasing use of telemedicine, the explosion of health-based cloud apps, and innovative medical IoT devices are improving the patient care experience. Related: Hackers relentlessly target healthcare providers.

Cybersecurity startup ideas

Javvad Malik

I’ve seen VC’s fund many security and tech startups. Lots of the ideas are rubbish, so I’ve come up with my own ideas that aren’t rubbish so VC’s can fund me instead. Don’t steal any of my ideas or I will sue you! Take a human skull and 3D print an eyeball on it, add Linux to the inside where the brain would be. Website uses photo of person looking out from screen with windows environment running, call this cyberSURVIVOR.

The Presenting Vendor Paradox

Daniel Miessler

There’s a paradox in information security where the community wants two things at once: High quality research and talks, and. Unbiased research and talks. I’ve personally been one of these affiliated speakers countless times.

What Happened to Facebook, Instagram, & WhatsApp?

Krebs on Security

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages.

Hushme: A Headset That Lets You Make Private Phone Calls In A Non-Private Environment

Joseph Steinberg

Every so often, I encounter an unusual technology device that so well solves a problem that I have encountered many times that I cannot imagine not adding the product to my arsenal of tools, even if it is not something that I would necessarily use every day. The Hushme is one such offering.

Combatting the Growing Cyberthreat of QR Code Abuse

Lohrman on Security

283
283

Welcoming the Turkish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber ​​Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains.

Defeating Microsoft’s Trusted Platform Module

Schneier on Security

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard.

Threat Modeling and Social Issues

Adam Shostack

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now: “Does your organization have a plan in place if one of your employees is accused via Twitter of being an insurrectionist?