News
Does Facebook even need a CSO?
Maybe not, says Twitter’s former CISO, but there are risks with Facebook's move from a centralized to a distributed security model in the wake of Alex Stamos's departure.
Horizon Air tragedy highlights airline insider threat vulnerability
The ease at which a Horizon Air employee was able to steal and crash a Bombardier Q400 turboprop will likely prompt airlines to develop an insider threat mitigation strategy to close this vulnerability.
Attackers could ‘faxploit’ all-in-one printer to penetrate network and steal data
At Def Con 26, researchers revealed pwnage via fax. Hackers need only a fax number to infiltrate networks and exfiltrate data.
![Network World: IoT Hacks [slide-07] > Heart Trouble > Surgically implatable IoT](https://images.idgesg.net/images/article/2018/06/nw_ss_strange_and_scary_iot_hacks_slide_07_heart_pacemaker_cardiology_surgically_implantable_iot_by_angelhell_getty_images_1200x800-100762616-small.3x2.jpg)
Hacking pacemakers, insulin pumps and patients' vital signs in real time
At the recent Black Hat and Def Con events, researchers showed how they are able to hack medical devices, including pacemakers and insulin pumps, and patients' vital signs in real time.
video
Blue Team Village, DEF CON 2018 | Salted Hash Ep 43
Host Steve Ragan talks to Munin, a staffer at the DEF CON Blue Team Village about what's happening and what you can expect.
How did the TimeHop data breach happen?
Compromise of an employee's credentials, lack of multi-factor authentication, and weak insider threat analysis all played a factor in the recent TimeHop data breach in which 21 million user accounts were compromised.
Talking phishing campaigns with @PhishingAI's Jeremy Richards | Salted Hash, Ep. 42
All this week, while we’re on location in Las Vegas, Salted Hash has been discussing phishing and the impact it has had on the public. Today, we’re getting an insider view on how @PhishingAI operates, and learning about a recent...
video
Phishing AI | Salted Hash Ep 42
Host Steve Ragan is joined by Lookout’s Jeremy Richards, who manages the @PhishingAI account on Twitter, as well as a good friend and fellow reporter from Ars Technica.
Bug bounties offer legal safe harbor. Right? Right?
Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.
Weaponized AI and facial recognition enter the hacking world
Your face could trigger a DeepLocker AI-powered malware attack or be used by Social Mapper to track you across social media sites.
Inside Dropbox and Microsoft Office phishing attacks | Salted Hash, Ep. SC03
Today on Salted Hash, we're going to look at a phishing attack that targeted me directly. It's got a few interesting elements, including a weak attempt to spoof an HTTPS connection, and a sort of hybrid lure, which starts as Dropbox...
FCC lied about DDoS attack during net neutrality comment process, blames former CIO
FCC Chairman Ajit Pai says a DDoS attack did not take out the net neutrality comment site, and he blames the former FCC CIO for providing incorrect information.
Do you need a vulnerability disclosure program? The feds say yes
The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.
Hundreds of HP inkjet printer models vulnerable to critical remote code execution flaws
Hundreds of HP inkjet printer models are in desperate need of firmware patches before hackers start exploiting vulnerabilities to gain remote code execution.
Introducing Kit Hunter, a phishing kit detection script | Salted Hash, Ep. 40
Kit Hunter is a basic Python script that will run on Linux or Windows. When you run Kit Hunter it searches web directories for phishing kits based on common kit elements located in the tag file. If there is a match, it logs the...
Avast pulls CCleaner version that lacked privacy options after backlash
Avast-owned Piriform reverted to a previous version of CCleaner in response to user outrage over its new data collection policy that had no privacy options.
Security executives on the move and in the news
Find up-to-date news of CSO, CISO and other senior security executive appointments.
How quantum computers will destroy and (maybe) save cryptography
Quantum computers advance mean we might have only a few years before they can break all public key encryption. The day when every secret is known is near.
Most Popular
BrandPosts
Learn more-
Sponsored by Fortinet
-
Sponsored by RSA SecurID® Suite
-
Sponsored by BlueCat
Sponsored Links
- dtSearch® instantly searches terabytes of files, emails, databases, web data. See site for hundreds of reviews; enterprise & developer evaluations
- Strong data analytics is a digital business imperative — and it all begins with smart data governance practices.
- As a CSP, the benefits of upgrading your data center go straight to the bottom line – much more so than your average enterprise.