Saturday, November 17, 2018

DHS Task Force Moves Forward on Playbooks for Supply Chain Security

The public/private task force takes early steps toward securing the end-to-end supply chain.

New Bluetooth Hack Affects Millions of Vehicles

Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.

BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance

BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.

26M Texts Exposed in Poorly Secured Vovox Database

The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.

95% of Organizations Have Cultural Issues Around Cybersecurity

Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.

AI Poised to Drive New Wave of Exploits

Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.

Black Hat Europe Speaker Q&A: SoarTech’s Fernando Maymi on ‘Synthetic Humans’

Ahead of his Black Hat Europe appearance, SoarTech's Fernando Maymi explains how and why synthetic humans are critical to the future of cybersecurity.

7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge

Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.

Congress Passes Bill to Create New Federal Cybersecurity Agency

Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.

Cyber Crooks Diversify Business with Multi-Intent Malware

The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.

Cloud, China, Generic Malware Top Security Concerns for 2019

FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.

Japan Cyber Minister Says He Has Never Used a Computer

Yoshitaka Sakurada, who recently took on the role after a cabinet shuffling, says it's up to the government to deal with it.

More Than 50% of Free Mobile VPN Apps Have Chinese Ties

In addition, most have "unacceptable" privacy policies and "non-existent user support."

From Reactive to Proactive: Security as the Bedrock of the SDLC

Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.

Learn How to Better Protect your Network at Black Hat Europe

Whether you're sussing out vulnerabilities or defending enterprise networks, Black Hat Europe's lineup of Briefings, Trainings, and Arsenal tools will help you take things to the next level.

Small-Time Cybercriminals Landing Steady Low Blows

High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.

Security Teams Struggle with Container Security Strategy

Fewer than 30% of firms have more than a basic container security plan in place.

Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues

Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data - and are fearful of a near-term breach of critical infrastructure.

Understanding Evil Twin AP Attacks and How to Prevent Them

The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.