July 2018

• July 31, 2018 31 Jul'18

  Malvertising campaign tied to legitimate online ad companies

  A new report from Check Point Research uncovers an extensive malvertising campaign known as Master134 and implicates several online advertising companies in the scheme.  Continue Reading

• July 31, 2018 31 Jul'18

  Women in cybersecurity: How to make conferences more diverse

  The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap.  Continue Reading

• July 31, 2018 31 Jul'18

  Yale data breach discovered 10 years too late

  A Yale University data breach from 2008 was only just discovered, and the school has released details on the compromised information, including Social Security numbers.  Continue Reading

• July 31, 2018 31 Jul'18

  Bugcrowd CTO on the need for responsible disclosure policy, 'good faith'

  Bugcrowd founder and CTO Casey Ellis talks about his concerns that the era of 'good faith' between security researchers and enterprises is in jeopardy.  Continue Reading

• July 31, 2018 31 Jul'18

  U.S. government making progress on DMARC implementation

  The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away, and only half of the domains have the correct policy in place.  Continue Reading

• July 31, 2018 31 Jul'18

  Citrix's Peter Lefkowitz on impact of GDPR privacy requirements

  New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.  Continue Reading

• July 31, 2018 31 Jul'18

  SamSam ransomware payments reach nearly $6 million

  New research reveals SamSam ransomware campaign has generated almost $6 million for attacker and appears to be the work of a single hacker who shows no sign of slowing down.  Continue Reading

• July 31, 2018 31 Jul'18

  NetSpectre is a remote side-channel attack, but a slow one

  A new PoC attack using Spectre variant 1 called NetSpectre marks the first time Spectre v1 has been exploited remotely, although questions remain on the practicality of the attack.  Continue Reading

• July 31, 2018 31 Jul'18

  certificate authority (CA)

  A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.  Continue Reading

• July 31, 2018 31 Jul'18

  hacktivism

  Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.  Continue Reading

• July 31, 2018 31 Jul'18

  advanced persistent threat (APT)

  An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time.  Continue Reading

• July 31, 2018 31 Jul'18

  whaling attack (whaling phishing)

  A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company.  Continue Reading

• July 31, 2018 31 Jul'18

  Three steps to improve data fidelity in enterprises

  Ensuring data fidelity has become crucial for enterprises. Expert Char Sample explains how to use dependency modeling to create boundaries and gather contextual data.  Continue Reading

• July 27, 2018 27 Jul'18

  How Dropbox dropped the ball with anonymized data

  Dropbox came under fire for sharing anonymized data with academic researchers after questions emerged about how the data was protected and used.  Continue Reading

• July 27, 2018 27 Jul'18

  LifeLock vulnerability exposed user email addresses to public

  News roundup: A LifeLock vulnerability exposed the email addresses of millions of customers. Plus, Amazon's Rekognition misidentified 28 members of Congress as criminals, and more.  Continue Reading

• July 27, 2018 27 Jul'18

  Senator wants government to stop Adobe Flash use

  Senator Ron Wyden wrote a letter to multiple government agencies advocating that the entire U.S. government stop Adobe Flash use on all systems due to security risks.  Continue Reading

• July 27, 2018 27 Jul'18

  Powerhammering: Can a power cable be used in air-gapped attacks?

  Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables.  Continue Reading

• July 26, 2018 26 Jul'18

  Ponemon: Mega breaches, data breach costs on the rise

  The Ponemon Institute's '2018 Cost of a Data Breach Study' details a rise in data breaches with a look at mega breaches and why U.S. companies experience the greatest loss.  Continue Reading

• July 26, 2018 26 Jul'18

  Risk & Repeat: DHS warns of power grid cyberattacks

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss a new warning from the Department of Homeland Security regarding Russian hackers targeting the U.S. power grid.  Continue Reading

• July 26, 2018 26 Jul'18

  How does SirenJack put emergency warning systems at risk?

  Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works.  Continue Reading