Schneier on Security

SEPTEMBER 6, 2018

The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a " Statement of Principles on Access to Evidence and Encryption " where they claim their needs for surveillance outweigh everyone's needs for security and privacy.the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security.

Security 106

Security Encryption Access Government 106

Thales Cloud Protection & Licensing

SEPTEMBER 6, 2018

In my recent blog on the evolving PCI SSC initiatives in 2018, “ Minor on PCI DSS, major on almost everything else ,” I outlined how the organisation is covering new areas to reflect the migration from physical card payments to online digital payments. Much of the latest innovation involves the use of mobile devices (for both initiation and acceptance ) to provide greater flexibility in how payments can be made and offer additional methods to authenticate transactions.

Security 66

Security Encryption Compliance Risk 66

IT Governance

SEPTEMBER 7, 2018

Data breaches can happen to anybody. Incidents at large organisations – such as Dixons Carphone and Superdrug – might be reported on more often, giving you the impression that they are the most frequent targets, but these are actually the exception. Breaches occur most often at SMEs (small and medium-sized enterprises), if only because there are a lot more of them.

Data breaches 57

Data breaches GDPR Paper Personal data 57

Krebs on Security

SEPTEMBER 4, 2018

mSpy , the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

Passwords 217

Passwords Encryption Authentication Mining 217

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

SEPTEMBER 6, 2018

All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more.

Security 189

Security Analytics Digital transformation Marketing 189

Weissman's World

SEPTEMBER 5, 2018

If there’s one thing we know about doing information right – which is to say, improving the care and feeding of your critical business information – it’s that it’s really hard to know where to begin. Should we scan the boxes full of paper that’s cluttering our hallways? Should we comb through our shared drives […]. The post Doing Information Right: Where Do I Begin?

Paper 120

Paper Records Management Government 120

Krebs on Security

SEPTEMBER 6, 2018

A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.’s National Crime Agency (NCA) arrested Hertfordshire resident George Duke-Cohan, who admitted making bomb threats to thousands of schools and a United Airlines flight traveling from the U.K. to San Francisco last month.

Security 191

Security IT 191

The Last Watchdog

SEPTEMBER 2, 2018

Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors. In today’s world, quick innovations are a necessity, and software developers would rather not lose valuable time reinventing the wheel.

Compliance 179

Compliance Libraries Sales Personal data 179

Data Breach Today

SEPTEMBER 3, 2018

Lock Down Magento E-Commerce Software or See Card Details Get Routed to Moscow In the past six months, more than 7,000 sites that run Magento e-commerce software have been infected with malicious JavaScript designed to harvest customers' payment card details as they finalize their orders, a security researcher warns.

Security 169

Security 169

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

WIRED Threat Level

SEPTEMBER 4, 2018

"Whatever we propose is going to be controversial. But it’s important we do something, because everyone is unsatisfied by URLs. They kind of suck.".

Security 108

Security 108

Krebs on Security

SEPTEMBER 5, 2018

Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or

Risk 168

Risk Access Phishing Passwords 168

The Last Watchdog

SEPTEMBER 5, 2018

There is a concept in computing, called runtime, that is so essential and occurs so ubiquitously that it has long been taken for granted. Now cyber criminals have begun to leverage this heretofore innocuous component of computing to insinuate themselves deep inside of company networks. Related: The coming wave of ‘microcode’ attacks. They’ve figured out how to manipulate applications while in runtime and execute powerful and stealthy attacks that bypass conventional security tools.

Ransomware 140

Ransomware Access Marketing Cloud 140

Data Breach Today

SEPTEMBER 5, 2018

With the midterm elections just around the corner, Barbara Simons, author of the election security book "Broken Ballots," explains why some voting computers remain inherently flawed.

Security 167

Security 167

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

SEPTEMBER 5, 2018

Security expert discovered that S kype has a malloc(): memory corruption vulnerability that could be triggered while users share some media/file with someone during a call. . Tested on: Linux zero 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 18.04 LTS). Product affected: Skype for linux (skypeforlinux_8.27.0.85_amd64.deb) Steps to reproduce this issue: 1.

Security 103

Security IT 103

Krebs on Security

SEPTEMBER 2, 2018

A 20-year-old from Vancouver, Washington was indicted last week on federal hacking charges and for allegedly operating the “ Satori ” botnet, a malware strain unleashed last year that infected hundreds of thousands of wireless routers and other “Internet of Things” (IoT) devices. This outcome is hardly surprising given that the accused’s alleged alter ego has been relentless in seeking media attention for this global crime machine.

IoT 128

IoT Communications Security IT 128

The Last Watchdog

SEPTEMBER 7, 2018

Over the past couple of decades, some amazing advances in locking down software code have quietly unfolded in, of all places, Hollywood. Related: HBO hack spurs cyber insurance market. Makes sense, though. Digital media and entertainment giants like Netflix, Amazon, Hulu, HBO, ESPN, Sony, and Disney are obsessive about protecting their turf. These Tinsel Town powerhouses retain armies of investigators and lawyers engaged in a never-ending war to keep piracy and subscription fraud in check.

IoT 133

IoT Security Digital transformation Cloud 133

Data Breach Today

SEPTEMBER 5, 2018

But Tech-Support Fraud is Surging, via Cold Calls, Phishing and More, FBI Warns While tech-support scams have proliferated for years, the FBI says losses tied to such fraud are now higher than ever. Google has pledged to crack down on fake tech-support listings. But fraudsters regularly employ a variety of channels, including cold calls, pop-up windows and phishing emails.

Phishing 165

Phishing 165

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Matters

SEPTEMBER 7, 2018

On September 5, 2018, the new Belgian Data Protection Act implementing the GDPR (the Belgian Act ) was published and entered into force. Despite the GDPR being an EU regulation that directly applies to all EU Member States, several provisions of the GDPR explicitly allow, and even require, Member States to enact legislation which implements the law.

GDPR 96

GDPR Archiving Privacy Compliance 96

TAB OnRecord

SEPTEMBER 5, 2018

Is it possible that you’re not managing your organizations records, but rather they are managing you? If panicked “All-Office” emails are common or if people are regularly searching for critical files after the information was needed, the answer may be yes. The following questions are designed to help diagnose how your organization uses and stores information.

Records Management 94

Records Management IT 94

The Last Watchdog

SEPTEMBER 4, 2018

Most large enterprises today can point to multi-millions of dollars expended over the past two decades erecting “layered defenses” to protect their digital systems. Yet catastrophic network breaches continue apace. Turns out there’s a downside to “defense in depth.”. Related: Obsolecense creeps into legacy systems. There’s no doubt that monitoring and continually updating all parts of a multi-tiered security system is a must-do best practice.

Data breaches 133

Data breaches Honeypots Digital transformation Communications 133

Data Breach Today

SEPTEMBER 7, 2018

'Personal and Financial Details' Stolen From 380,000 Website and App Transactions British Airways is warning customers that it suffered a hack attack that compromised up to 380,000 customers' payment cards as well as personal data over a 15-day period. The airline says it was alerted to the breach by a business partner that monitors its websites.

Personal data 154

Personal data IT 154

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Troy Hunt

SEPTEMBER 5, 2018

As time has gone by, one of the things I've enjoyed the most in running Have I Been Pwned (HIBP) is seeing how far I could make the dollars stretch. How big can it go whilst at the same time, running it on a shoestring? I keep finding new ways of optimising cost and the two most significant contributions to that since launching almost 5 years ago have come via serverless technology provided by 2 of my favourite tech companies: Cloudflare and Microsoft.

Passwords 94

Passwords IT Data structuring Cloud 94

Security Affairs

SEPTEMBER 6, 2018

The MEGA Chrome browser extension had been hacked and replaced with a one that steals users’ credentials for popular web services. Are you using the MEGA Chrome browser extension? Uninstall it now because the Chrome extension for MEGA file storage service had been hacked and replaced with a one that steals users’ credentials for popular web services (i.e.

Passwords 90

Passwords Security IT Access 90

Dark Reading

SEPTEMBER 7, 2018

These methods may not yet be on your security team's radar, but given their impact, they should be.

Cloud 86

Cloud Security 86

Data Breach Today

SEPTEMBER 4, 2018

Joseph Feiman of WhiteHat Security on the Need for Cultural Change Application security is not improving because about 60 percent of vulnerabilities never get fixed, says Joseph Feiman of WhiteHat Security.

Security 153

Security 153

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

eSecurity Planet

SEPTEMBER 5, 2018

Enterprises are turning to SOAR solutions to streamline response to cybersecurity incidents.

Security 84

Security Cybersecurity 84

Security Affairs

SEPTEMBER 6, 2018

Schneider Electric announced that some of the USB drives it has shipped with its Conext ComBox and Conext Battery Monitor products were infected with malware. Schneider Electric has found a malicious code on the USB drives that have been shipped with Conext ComBox and Conext Battery Monitor products. Both products are part of the solar energy offering of the vendor.

Energy and Utilities 84

Energy and Utilities Manufacturing Communications Security 84

IT Governance

SEPTEMBER 7, 2018

Saying you’ve done something doesn’t necessarily mean you’ve actually done it. Almost every data breach begins with an organisation saying they were secure until a crook comes along and shows them otherwise. . This is one of the biggest problems facing the cyber security industry. Organisations approach issues reluctantly, creating measures that seem adequate but are in fact only, to borrow from information governance expert Andrea Simmons, “skin deep”. .

Security 84

Security Information Security Information governance Data breaches 84