The Myth of Consumer-Grade Security

Schneier on Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.

Security Vulnerabilities in US Weapons Systems

Schneier on Security

From the summary: Automation and connectivity are fundamental enablers of DOD's modern military capabilities. For example, not all programs have been tested and tests do not reflect the full range of threats.

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

Krebs on Security

The chips were alleged to have spied on users of the devices and sent unspecified data back to the Chinese military. That example gives a whole new meaning to the term “supply chain,” doesn’t it? Establish and maintain end-to-end encryption for all applications.


MY TAKE: How state-backed cyber ops have placed the world in a constant-state ‘Cyber Pearl Harbor’

The Last Watchdog

That May 10th air strike by the Israel Defense Force marked the first use of military force in direct retaliation for cyber spying. This comes as no surprise to anyone in the military or intelligence communities. Russia explicitly recruits folks already engaged in criminal activities, and once recruited, they are contracted and connected to military organizations for direction and oversight,” Bort told me.

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries. The experts tracked the campaign as EasternRoppels; they speculate it may have started as far back as 2012.

Bouncing Golf cyberespionage campaign targets Android users in Middle East

Security Affairs

The attackers appear to be focused on stealing military-related information. The malicious code allows the attackers to choose the data types to collect; stolen data is encrypted using a simple XOR operation with a pre-configured key, then it is sent to the C2 via HTTP POST requests.

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

I have a Yahoo email account, I’ve shopped at Home Depot and Target, my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. For example, the personal data obtained in one breach could be cross-referenced with data obtained from another breach and other widely publicized private sector breaches, and the Marriott breach only makes their task that much easier and more likely to succeed.

Federal Agency Data is Under Siege

Thales eSecurity

For example, just last month Strava, a popular fitness navigation app, accidentally revealed the location of military bases in war zones worldwide potentially putting troops and U.S. Breaking barriers with encryption.

Have We Become Apathetic About Breaches?

Thales eSecurity

One such example is the recent disclosure that military personnel wearing Strava devices are revealing highly sensitive information about their locations and activities. For example, are they encrypting their data? Another day, another breach.


SWEED targets precision engineering companies in Italy

Security Affairs

Precision engineering is a very important business market in Europe; it includes developing mechanical equipment for automotive, railways, heavy industries and military-grade technology. For example (or, for the full list of RegKeys, have a look here): [.]

Q&A: Cloud Providers and Leaky Servers

Thales eSecurity

The nonprofit GDI Foundation has tracked close to 175,000 examples of misconfigured software and services on the cloud this year. On both occasions Uber left its encryption keys on GitHub, which in part led to the breach.


An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

Encrypting critical data assets. Moreover, enforcement actions by regulators, and in particular by the FTC, provide several data security program “watch outs” and concrete examples of the consequences when companies fall short of these minimum standards; indeed, the FTC has highlighted where its enforcement activity aligns to each of these core functions, providing in itself a roadmap for corporate directors of areas for potential risk mitigation in their own organizations.