Nihilistic Password Security Questions

Schneier on Security

Posted three years ago, but definitely appropriate for the times.

The iOS 14 Privacy and Security Features You Should Know

WIRED Threat Level

The latest update for your iPhone and iPad will make them safer than ever.

Detecting Network Security Incidents

Data Breach Today

ENISA's Rossella Mattioli Reviews New Report. Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents.

5G Security

Schneier on Security

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Since the internet, especially the "internet of things," is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat.

Insurer Chubb Investigating 'Security Incident'

Data Breach Today

Maze Gang Claims Insurer Is a Victim, Emsisoft Reports. Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft.

Security Affairs newsletter Round 282

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived!

Redefining Security Analytics

Data Breach Today

Chronicle's Anton Chuvakin on How to Fill the Gaps for Analysts. There are glaring holes in how enterprises currently tackle security analytics, and by redefining the approach, the analyst's role can be transformed. Dr. Anton Chuvakin of Chronicle explains how.

Election Security: A Harsh Assessment

Data Breach Today

Security Researcher, CISA Director Raise Serious Concerns. A security researcher says voting equipment in the U.S. is still riddled with security flaws that opportunistic foreign adversaries could use to pose a threat to the November election. Meanwhile, the director of CISA calls Russian ransomware attacks one of the biggest threats to the election.

Mental Health as a Security Vulnerability

Data Breach Today

Neal O'Farrell on the Importance of Stress Management. Increasing stress levels for cybersecurity professionals pose a serious organizational security risk, says Neal O'Farrell, founder of the PsyberResilience Project, a mental health advocacy group.

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene. The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene.

Italian Social Security Website Disrupted

Data Breach Today

News Reports Say Officials Investigating After Thousands Could Not Access Site. Italian officials are investigating whether a disruption this week of access to the country's social security website was due to a hacking incident or a network overwhelmed by demand for benefits offered during the COVID-19 pandemic, according to news reports.

Medical Device Security Alerts: The Latest Updates

Data Breach Today

More Devices Affected by 'Ripple20' Vulnerabilities. Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack.

Does This Exposed Chinese Database Pose a Security Threat?

Data Breach Today

ISMG View: Unless There's More To It, Database Appears to be Scraped Public Data. A leaked database compiled by a Chinese company has suddenly become the focus of multiple media reports, warning that it could be used as an espionage instrument by Beijing.

Kubernetes Security

Schneier on Security

A good first step towards understanding the security of this suddenly popular and very complex container orchestration system. Attack matrix for Kubernetes, using the MITRE ATT&CK framework.

What the Marriott Breach Says About Security

Krebs on Security

Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

The SASE Model: A New Approach to Security

Data Breach Today

Palo Alto Networks' Sean Duca Describes the Cloud-Delivered Service Model. The emerging cloud-delivered service model known as security access service edge, or SASE, is designed to help simplify security for remote access, says Sean Duca of Palo Alto Networks, who explains how the model works.

Analysis: Keeping IoT Devices Secure

Data Breach Today

This edition of the ISMG Security Report analyzes whether IoT devices will outlive their security updates. Also featured: Why security spending needs to shift further upstream; could banks be custodians of identity

Online Voting Startup Wants to Limit Some Security Research

Data Breach Today

Voatz Files Amicus Brief In Case Headed to the US Supreme Court. In a court filing, online voting startup Voatz argues that most security research should be limited to those who have clear permission to probe systems and software for vulnerabilities.

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices

Tightening Mainframe Access and Security: Part 3

Micro Focus

In the first blog of three we discussed how the mainframe must meet new demands in connectivity and security. In this final blog, Barbara Ballard looks at endpoint hardening and wraps up the options for extending enterprise-level security to the mainframe.

NTT Security and WhiteHat Security Describe Deal

Data Breach Today

NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security. NTT Security has signed a definitive agreement to acquire WhiteHat Security. NTT Security's Khiro Mishra and WhiteHat Security's Craig Hinkley say the deal will help bring more application security - and DevSecOps - products, services and smarts to more organizations.

Kids' Smartwatches Are a Security Nightmare Despite Years of Warnings

WIRED Threat Level

Five out of six brands tested by researchers would have allowed hackers to track kids—and in some cases eavesdrop on them.

Tightening Mainframe Access and Security

Micro Focus

To remain, it must meet new demands for device connectivity and security. In the first of three blogs, Barbara Ballard assesses how the enterprise is extending enterprise-level security to the mainframe with access.

Building a Stronger Security Infrastructure

Data Breach Today

Peter Yapp, former deputy director at the UK's National Cyber Security Center, provides insights on building a stronger security infrastructure. Insights on Protecting Customer Data During the Pandemic. As organizations collect more consumer data during the COVID-19 pandemic, how can they protect it?

How to Address Telehealth Cloud Security Risks

Data Breach Today

With the surge in telehealth use during the COVID-19 pandemic, healthcare organizations must be prepared to deal with cloud security and privacy risks, says Jim Angle of Trinity Health, who is the author of a recent report from the Cloud Security Alliance

Bipartisan Bill Looks to Create Secure Digital Identities

Data Breach Today

Legislation Seeks to Address ID Theft and Fraud Stemming From Breaches. A bipartisan bill is looking to take some initial steps in creating nation-wide digital identity standards that can address a range of security issues, including theft and fraud stemming from data breaches.

IoT Security Principles

Schneier on Security

They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things." Offering incentives for integrating security. Establishing regularly updated baseline security requirements.

Italian Security Firm Allegedly Pushed Malware: Report

Data Breach Today

Check Point Research Claims Firm Sold CloudEyE Dropper Trojan. An Italian cybersecurity company allegedly was a front for a criminal gang selling access to a dropper Trojan known as CloudEyE, according to analysts at the security firm Check Point Research.

Securing the Modern Workplace

Data Breach Today

Now, how do you secure it? David Wagner of Zix on Rising to the Challenges of Cloud. Remote workers, connected devices, cloud services and infrastructure - these are the elements of the new workplace. That's the challenge discussed by David Wagner, CEO of Zix.

MaskOn for Security giveaway

OpenText Information Management

As many of us are still working from home today, security is top of mind. We want to hear from you about your experiences with security and remote work over the last few months. If you take the time to …

When Security Takes a Backseat to Productivity

Krebs on Security

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” The analysis highlights a shocking series of security failures at one of the world’s most secretive organizations, but the underlying weaknesses that gave rise to the breach also unfortunately are all too common in many organizations today. Here are a few, in no particular order: Failing to rapidly detect security incidents.

Analysis: Securing RDP to Prevent Ransomware Attacks

Data Breach Today

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments

Sharing Cloud Security Responsibilities

Data Breach Today

A cloud computing security model needs to be customized to fit how the cloud provider serves its clients, says privacy attorney Adam Greene

US Government Sites Give Bad Security Advice

Krebs on Security

Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now. The text I have a beef with is the bit on the right, beneath the “This site is secure” statement.

Multilayered Security Gets Personal

Data Breach Today

First Data's Tim Horton on Why Encryption Is Not Enough to Secure PII. When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.

Wendy Nather on Democratizing Security

Data Breach Today

Cisco's Head of Advisory CISOs on How Best to Serve Users. In an RSA 2020 conference keynote, Cisco's Wendy Nather spoke of "democratizing security" - thinking differently about the people we serve and secure. She expands on that theme and discusses her role as head of advisory CISOs at Cisco's Duo Security unit.

Windows 7: Microsoft Ceases Free Security Updates

Data Breach Today

Security Experts Recommend Holdouts Review Their IT Strategy and Cloud Options. Microsoft has ceased offering free security updates for its Windows 7 operating system, as well as Windows Server 2008 and 2008 R2.

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The Secure Boot mechanism allows the execution of only software that is trusted by the Original Equipment Manufacturer (OEM).

3 Critical Security Conversations

Data Breach Today

Oscar Chavez-Arietta of Sophos on Key Topics. The cloud, artificial intelligence and security as a service - these are the three critical conversations that security leaders need to be having with their business counterparts, says Oscar Chavez-Arietta, vice president, Latin America, at Sophos.

Breaches Tied to Pharmacy Looting: Security Lessons

Data Breach Today

Walgreens and CVS Are Among the Chains Affected. As more reports emerge regarding data breaches at pharmacy chains as a result of earlier break-ins and looting incidents during civil unrest, security experts are calling attention to important security issues, including the need to check physical security measures as well as encrypt mobile devices.