cybersecurity – Page 9 – SSL and internet security news

The Future of Machine Learning and Cybersecurity

June 21, 2021 infossl

cybersecurity, machine learning, reports, Security technology, Uncategorized

The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases these technologies are elaborations on long-standing methods — not fundamentally new approaches … Read More “The Future of Machine Learning and Cybersecurity” »

The Story of the 2011 RSA Hack

May 27, 2021 infossl

china, cybersecurity, hacking, rsa, Security technology, supply chain, Uncategorized

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come. Powered by WPeMatico

Is 85% of US Critical Infrastructure in Private Hands?

May 17, 2021 infossl

cybersecurity, infrastructure, national security policy, Security technology, Uncategorized

Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio — up against the Russian cybercommand, which isn’t a fair fight. When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in … Read More “Is 85% of US Critical Infrastructure in Private Hands?” »

New US Executive Order on Cybersecurity

May 13, 2021 infossl

cybersecurity, national security policy, security standards, Security technology, Uncategorized

President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government. For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to “self-certify,” … Read More “New US Executive Order on Cybersecurity” »

Teaching Cybersecurity to Children

May 7, 2021 infossl

children, cybersecurity, generations, privacy, security education, Security technology, Uncategorized

A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity: The proposed curriculum aims to teach five-year-old children — an age at which Australian kids first attend school — not to share information such as date of birth or full names with strangers, and that they should consult parents … Read More “Teaching Cybersecurity to Children” »

Cybersecurity Experts to Follow on Twitter

April 16, 2021 infossl

cybersecurity, Schneier news, Security technology, twitter, Uncategorized

Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. (If you are one of the 134K people who read me from Twitter, “hi.”) Powered by WPeMatico

DNI’s Annual Threat Assessment

April 15, 2021 infossl

cybersecurity, national security policy, Security technology, supply chain, threat models, Uncategorized

The office of the Director of National Intelligence released its “Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around … Read More “DNI’s Annual Threat Assessment” »

More Biden Cybersecurity Nominations

April 13, 2021 infossl

cybersecurity, national security policy, nsa, Security technology, Uncategorized

News: President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD). I know them both, and think they’re both good choices. More news. Powered by WPeMatico

More on the Chinese Zero-Day Microsoft Exchange Hack

March 10, 2021 infossl

china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

National Security Risks of Late-Stage Capitalism

March 1, 2021 infossl

china, cybersecurity, essays, hacking, national security policy, russia, Security technology, Uncategorized

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, … Read More “National Security Risks of Late-Stage Capitalism” »