Tuesday, September 25, 2018

Fault-Tolerant Method Use for Security Purposes in New Framework

A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.

In Quiet Change, Google Now Automatically Logging Users Into Chrome

The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.

Microsoft Deletes Passwords for Azure Active Directory Applications

At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.

6 Dark Web Pricing Trends

For cybercriminals, the Dark Web grows more profitable every day.

‘Scan4You’ Operator Gets 14-Year Sentence

A citizen of the former USSR is sentenced to 168 months for running Scan4you, an online counter antivirus service.

Hacking Back: Simply a Bad Idea

While the concept may sound appealing, it's rife with drawbacks and dangers.

The ‘Opsec Fail’ That Helped Unmask a North Korean State Hacker

How Park Jin Hyok - charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks - inadvertently blew his cover via email accounts.

Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware

Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.

6 Security Training Hacks to Increase Cyber IQ Org-Wide

Move beyond generic, annual security awareness training with these important tips.

US Approves Cyber Weapons Against Foreign Enemies

The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.

Data Manipulation: How Security Pros Can Respond to an Emerging Threat

Industry leaders are scrambling to address the issue, which will take new thinking to overcome.

Executive Branch Makes Significant Progress As DMARC Deadline Nears

The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.

Think Like An Attacker: How a Red Team Operates

Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.

Retail Sector Second-Worst Performer on Application Security

A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.

Account Takeover Attacks Become a Phishing Fave

More than three-quarters of ATOs resulted in a phishing email, a new report shows.

3 Drivers Behind the Increasing Frequency of DDoS Attacks

What's causing the uptick? Motivation, opportunity, and new capabilities.

Japanese Cryptocurrency Exchange Hit with $60M Theft

The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO

Suit underscores longtime battle between vendors and labs over control of security testing protocols.

Cryptojackers Grow Dramatically on Enterprise Networks

A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...

The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit. Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…

ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.

SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...