Krebs on Security
NOVEMBER 22, 2019
A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States.
Schneier on Security
DECEMBER 12, 2019
Back in 1998, Tim May warned us of the "Four Horsemen of the Infocalypse": "terrorists, pedophiles, drug dealers, and money launderers." I tended to cast it slightly differently.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
NOVEMBER 26, 2019
One terabyte of data belonging to a major hotel booking platform was found leaked online. A huge trove of customer data belonging to Gekko Group was found online in an unsecured format.
Troy Hunt
NOVEMBER 22, 2019
Until this month, I'd never heard of People Data Labs (PDL). I'd certainly heard of the sector they operate in - "Data Enrichment" - but I'd never heard of the company itself.
Speaker: William Hord, Senior VP of Risk & Professional Services
This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the foundational elements you need to start or validate your ERM program. He will also dive into topic definitions, governance structures, and framework components for success.
Adam Shostack
FEBRUARY 9, 2019
The Seattle Times has a story today about how “ 50 years ago today, the first 747 took off and changed aviation.” ” It’s true. The 747 was a marvel of engineering and luxury. The book by Joe Sutter is a great story of engineering leadership. For an upcoming flight, I paid extra to reserve an upper deck seat before the last of the passenger-carrying Queens of the Skies retires. And in a way, the 747 represents a pinnacle of aviation engineering advancements.
The Last Watchdog
MARCH 28, 2019
A couple of high-profile distributed denial-of-service (DDoS) attacks will surely go down in history as watershed events – each for different reasons. Related: IoT botnets now available for economical DDoS blasts. In March 2013, several impossibly massive waves of nuisance requests – peaking as high as 300 gigabytes per second— swamped Spamhaus , knocking the anti-spam organization off line for extended periods.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Krebs on Security
NOVEMBER 26, 2019
Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org.
Krebs on Security
NOVEMBER 26, 2019
On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards.
Krebs on Security
NOVEMBER 25, 2019
Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices.
Schneier on Security
NOVEMBER 22, 2019
The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network.
Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC
Join this exclusive webinar with Dr. Karen Hardy, where she will explore the power of storytelling in risk communication as a core component of a resilient organization's management framework!
Schneier on Security
NOVEMBER 29, 2019
Interesting research: " TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents ": Abstract: : Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time.
Schneier on Security
DECEMBER 2, 2019
New South Wales is implementing a camera system that automatically detects when a driver is using a mobile phone. australia cameras cars phones
Adam Levin
APRIL 9, 2019
Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans. The malware, called CT-GAN, served as a proof of concept to show the potential for hacking medical devices with fake medical news that was convincing enough to fool medical technicians. In a video demonstrating the exploit, researchers at Ben Gurion University described how such an attack might be deployed.
Troy Hunt
NOVEMBER 25, 2019
When I first started writing code a few decades ago, it was a rather bland affair involving a basic text editor and physical books for reference.
Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy
This exclusive webinar with Ryan McInerny will teach you all about cryptocurrency and NFTs! Register to learn more about identifying crypto transactions, crypto asset market trends, managing risk and compliance, and supporting customers and partners using crypto-based payments.
Adam Shostack
AUGUST 2, 2019
Shortly, I’m off to Blackhat. My Threat Modeling Intensive classes both sold out (thank you!). Nearly a decade ago, I put forth a set of best practices: Breath mints Ricola Purell Advil Gatorade This year, I’m adding a travel humidifier. I’ve been using this one, and it really needs to soak for 10 minutes, but then it adds a nice stream of moisture to the room. Also, at a conference, you’ll ask, and get the question “What’s new?”
The Last Watchdog
MARCH 21, 2019
Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data , which sooner or later can be traced back to you. Related: The Facebook factor. A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”.
Tech Republic Security
NOVEMBER 28, 2019
As cloud complexity increases, hackers are relying on more targeted attacks, scoping out weak points across a larger attack surface
Krebs on Security
SEPTEMBER 11, 2019
MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.
Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM
The largest banks have increased reserves for protection against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions? In this webinar, Alex Jiménez will walk us through that question and examine the prudent course of action.
Krebs on Security
JULY 24, 2019
Nearly three dozen journalists at a broad range of major publications have been targeted by a far-right group that maintains a Deep Web database listing the personal information of people who threaten their views. This group specializes in encouraging others to harass those targeted by their ire, and has claimed responsibility for dozens of bomb threats and “swatting” incidents, where police are tricked into visiting potentially deadly force on the target’s address.
Krebs on Security
JANUARY 3, 2019
A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company.
Krebs on Security
MAY 24, 2019
The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. NYSE:FAF ] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.
Schneier on Security
APRIL 26, 2019
Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing has led to something called the " cybersecurity kill chain ": a way of thinking about cyber defense in terms of disrupting the attacker's process. On a similar note, it's time to conceptualize the "information operations kill chain."
Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC
In this session, Elizabeth “Paige” Baumann will cover the Anti-Money Laundering Act of 2020, which also includes the Corporate Transparency Act. She'll take a deep dive into the catalysts that brought on the act, the current implications of the act, and what impacts the act has on the future of banking and finance.
Schneier on Security
MARCH 27, 2019
A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers tend to take the easy way out and write code that stores user passwords in an unsafe manner.
Adam Levin
MAY 24, 2019
Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. In a blog post released this week, the company admitted the passwords of “some” of its G Suite customers had been stored on internal servers without cryptographic protection, also known as a hash. This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords.
Troy Hunt
JANUARY 16, 2019
Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper. Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of.
Adam Shostack
OCTOBER 9, 2019
Trail of Bits released a threat model for Kubernetes. There’s some context from Aaron Small, who made the project happen. Continuum has a blog and a spreadsheet on threat modeling lambdas (as a category, not specific to Amazon Lambda), and also a post on threat modeling with CAPEC.
Speaker: William Hord, Vice President of ERM Services
Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.
The Last Watchdog
JUNE 10, 2019
Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner. Related: The rise of ‘memory attacks’ I’m making this assertion as federal authorities have just commenced steps to remove and replace switching gear supplied, on the cheap, to smaller U.S. telecoms by Chinese tech giant Huawei. These are the carriers that provide Internet access to rural areas all across America.
Tech Republic Security
DECEMBER 30, 2019
If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard
Schneier on Security
MAY 6, 2019
I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a host of other things -- but most of that doesn't matter anymore. Today, your sensitive data is controlled by others, and there's nothing you can personally to do affect its security.
Krebs on Security
MAY 22, 2019
Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.
Expert insights. Personalized for you.
334 
Let's personalize your content