Trending Now
LATEST
Breach at US Retailer SHEIN Hits Over Six Million Users
Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.
The women’s clothing company revealed at the end of last week that...
Bug? Feature? Power users baffled as BitLocker update switch-off continues
Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
UK issues first-ever GDPR notice in connection to Facebook data scandal
Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Symantec Completes Internal Accounting Investigation
Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.
read more
Are Colleges Teaching Real-World Cyber Security Skills?
The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...
PCI compliance slipping for first time in 6 years, but IT remains on top
According to Verizon data, only 52.5% of companies maintained full compliance with payment card industry standards in 2017.
DtSR Episode 315 – Women in Cybersecurity-Mary Cheney
On this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. She has such a colorful background and such great stories to tell...
2018-034-Pentester_Scenario
Interesting email from one of our listeners. Detailing an issue that came up on a client engagement. We walk through best ways to store information post-engagement, and what you need to do to document test procedures so you don't...
Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users
Domain registrar bungle takes down the website of one of the world's largest companies.
This Bug Can Crash Firefox by Forcing Repeated Downloads
Security researcher Sabri Haddouche is demonstrating the flaw with a web link that'll freeze the Firefox browser when it attempts to open the page. Mozilla is working on a fix.
Fault-Tolerant Method Use for Security Purposes in New Framework
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
SHEIN fashion retailer announces breach affecting 6.42 million users
Hack took place somewhere in June, but the company only discovered the breach in late August.
California Dem Candidate DDoS’d During Failed Primary Bid
The Rolling Stone was among outlets reporting that the website of Congressional candidate for California’s 25th District Democrat Bryan Caforio was taken down by DDoS attacks four times during his unsuccessful campaign, including critical junctures such as during a...
Microsoft ‘kills’ passwords, throws up threat manager, and APIs Graph Security
Cloud lineup gets security overhaul with 2FA and new monitoring tools Ignite Microsoft is beefing up the security in its cloud services lineup with a handful of unveilings today at this year's Ignite conference.…
Vote Leave And Cambridge Analytica Linked Data Firm Hit With First Ever GDPR Notice
It was reported that the Information Commissioner’s Office (ICO) has handed the United Kingdom’s first formal General Data Protection Regulation notice to a Canadian firm linked to Cambridge Analytica, the firm behind the Facebook data scandal. AggregateIQ (AIQ) was accused of processing...
Internet Regulator
On news on the upcoming Government whitepaper detailing a future internet regulator, SD-WAN network expert Ian McEwan (Vice President EMEA of Aryaka, leading global SD-WAN provider) commented below.
Ian McEwan, Vice President EMEA at Aryaka:
“We have to wait and see...
Google Faces Privacy Backlash Over Chrome’s ‘Forced Login’ Policy
If you sign into any Google service on Chrome 69, like Gmail, the browser will automatically log you into Chrome, too. That prompted concern that Google was collecting browser histories via the sync feature, but Google says that's not...
One In Four Tech Professionals Have Confidence In Their AI Deployment
Despite heightened interest in enterprise deployment of artificial intelligence, only 40 percent of respondents to ISACA’s second annual Digital Transformation Barometer express confidence that their organizations can accurately assess the security of systems based on AI and machine learning.
Dr Anton Grashion, Managing...
In Quiet Change, Google Now Automatically Logging Users Into Chrome
The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
What Exactly is Threat Hunting – and Why Does it Matter?
Naturally, we all want to detect every threat to our network as soon as it manifests itself. That’s why we spend a ton of money every year on tools that detect things automatically.
But what do we do when...
Apple Releases Security Update for macOS Mojave
Original release date: September 24, 2018Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to...
U.S. General Service Administration Launches Bug Bounty Program
The United States General Service Administration’s (GSA) Technology Transformation Service (TTS) has launched a bug bounty program on HackerOne, the hacker-powered security platform announced on Friday.
read more
Microsoft Deletes Passwords for Azure Active Directory Applications
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
New Adwind Campaign Targets Linux, Windows, and macOS
Adwind remote access Trojan (RAT) samples detected in a recently campaign were configured to gain persistence on Linux, Windows, and macOS systems, Cisco Talos warns.
read more
6 Dark Web Pricing Trends
For cybercriminals, the Dark Web grows more profitable every day.
LEADERS
Beware of Hurricane Florence Relief Scams
If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on...
New Variants of Cold-Boot Attack
If someone has physical access to your shut-down computer, they can probably break the hard-drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not:
To carry out the attack, the F-Secure researchers first sought...
Weekly Update 105
Presently sponsored by: Build scalable, reliable and secure cloud native applications with Tech FabricIt's another day-late weekly update courtesy of another hectic week. Scott and I were at NDC Sydney doing a bunch of talks and other events and...
New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography
Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution...
Credit Freezes are Free: Let the Ice Age Begin
It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If...
