cybersecurity – Page 9 – SSL and internet security news

Iranian State-Sponsored Hacking Attempts

July 13, 2021 infossl

cybersecurity, hacking, iran, phishing, Security technology, Uncategorized

Interesting attack: Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IRGC) intelligence collection … Read More “Iranian State-Sponsored Hacking Attempts” »

More Russian Hacking

July 2, 2021 infossl

cybersecurity, hacking, malware, microsoft, russia, Security technology, Uncategorized

Two reports this week. The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in … Read More “More Russian Hacking” »

Insurance and Ransomware

July 1, 2021 infossl

academic papers, cybercrime, cybersecurity, insurance, mitigation, ransomware, reports, Security technology, Uncategorized

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers … Read More “Insurance and Ransomware” »

Risks of Evidentiary Software

June 29, 2021 infossl

courts, cybersecurity, false positives, forensics, Security technology, Uncategorized, vulnerabilities

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it. The software engineers proposed a three-part … Read More “Risks of Evidentiary Software” »

The Future of Machine Learning and Cybersecurity

June 21, 2021 infossl

cybersecurity, machine learning, reports, Security technology, Uncategorized

The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases these technologies are elaborations on long-standing methods — not fundamentally new approaches … Read More “The Future of Machine Learning and Cybersecurity” »

The Story of the 2011 RSA Hack

May 27, 2021 infossl

china, cybersecurity, hacking, rsa, Security technology, supply chain, Uncategorized

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come. Powered by WPeMatico

Is 85% of US Critical Infrastructure in Private Hands?

May 17, 2021 infossl

cybersecurity, infrastructure, national security policy, Security technology, Uncategorized

Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio — up against the Russian cybercommand, which isn’t a fair fight. When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in … Read More “Is 85% of US Critical Infrastructure in Private Hands?” »

New US Executive Order on Cybersecurity

May 13, 2021 infossl

cybersecurity, national security policy, security standards, Security technology, Uncategorized

President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government. For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to “self-certify,” … Read More “New US Executive Order on Cybersecurity” »

Teaching Cybersecurity to Children

May 7, 2021 infossl

children, cybersecurity, generations, privacy, security education, Security technology, Uncategorized

A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity: The proposed curriculum aims to teach five-year-old children — an age at which Australian kids first attend school — not to share information such as date of birth or full names with strangers, and that they should consult parents … Read More “Teaching Cybersecurity to Children” »

Cybersecurity Experts to Follow on Twitter

April 16, 2021 infossl

cybersecurity, Schneier news, Security technology, twitter, Uncategorized

Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. (If you are one of the 134K people who read me from Twitter, “hi.”) Powered by WPeMatico