-
Cryptanalysis of ENCSecurity’s Encryption Implementation
PRIVACY PRIVACY ENCSecurity markets a file encryption system, and it’s used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, it’s implementation is flawed in multiple ways—and breakable. The moral is, as it always is, that implementing cryptography securely is hard. Don’t roll your own anything if you can help…
-
Threat actors becoming more creative exploiting the human factor
PRIVACY PRIVACY Threat actors exhibited “ceaseless creativity” last year when attacking the Achilles heel of every organization—its human capital—according to Proofpoint’s annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company’s deployments to identify the latest attack trends by malicious players. “Last year, attackers…
-
DevSecOps deploy and operate processes
PRIVACY PRIVACY In the previous article, we covered the release process and how to secure the parts and components of the process. The deploy and operate processes are where developers, IT, and security meet in a coordinated handoff for sending an application into production. The traditional handoff of an application is siloed where developers send…
-
Googler Suspended After Claiming AI Became Sentient
PRIVACY PRIVACY Claims raise troubling ethical and cybersecurity considerations Read More
-
Two Convicted in Major Drugs Bust After Cops Read Encrypted Chats
PRIVACY PRIVACY One of UK’s largest ever drugs labs has been closed down Read More
-
Web3 and IAM: Marching toward disruption
PRIVACY PRIVACY Identity and access management (IAM) embraces a broad swath of IT practice. This practice is subject to two forces pushing it towards greater prominence: increasing threat actor activity and increasing infrastructure complexity. In response, we see increasing sophistication of the tools used to deal with both. Web3 technology has unique characteristics that lend…
-
9 ways hackers will use machine learning to launch attacks
PRIVACY PRIVACY Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats give security teams an advantage. However, some threat actors are also using machine learning and AI a to scale up their cyberattacks,…
-
Eight Zero Days Could Open Doors for Hackers
PRIVACY PRIVACY Trellix finds bugs in OT used for physical access controls Read More
-
Indian CISOs voice concerns on CERT-In’s new cybersecurity directives
PRIVACY PRIVACY Cybersecurity experts have raised concerns around the recently announced standards by the Indian Computer Emergency Response Team. 0n 28 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued directives that, among other things, require entities to report cybersecurity incidents to the agency within six hours and maintain IT logs and communications for…
-
Adconion Execs Plead Guilty in Federal Anti-Spam Case
PRIVACY PRIVACY At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email. In October 2018, prosecutors in the…