Help Net Security

Don't miss:

Optionsbleed bug makes Apache HTTP Server leak data from memory

Using security cameras and infrared light to extract data from air-gapped networks

Setting the standard for a blockchain protocol for IoT

Hot stuff

Apache

Optionsbleed bug makes Apache HTTP Server leak data from memory

On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that’s similar to the infamous OpenSSL Heartbleed bug uncovered in April 2014. Unlike Heartbleed, Optionsbleed (as Böck dubbed it) affects a relatively limited number of servers. About Optionsbleed (CVE-2017-9798) The bug affects …

Google Chrome

Google Chrome most resilient against attacks, researchers find

Researchers have analyzed Google Chrome, Microsoft Edge, and Internet Explorer, and found Chrome to be the most resilient against attacks. “Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, …

bulb

AI will change the face of security, but is it still the stuff of sci-fi?

The technology industry has always had a big problem with hype, with marketing teams, analysts and the media alike tending to fixate on the next big thing that will revolutionise our lives. Artificial intelligence is the latest technology to be seized by hype, due in part to its role as a staple of science fiction for decades – something …

fight

Why end-to-end encryption is about more than just privacy

The question of whether regular people need end-to-end encryption will surely be debated for quite some time. But for Alan Duric, CEO and co-founder of Wire, the question can only have a positive answer. Alan Duric on stage at FSec 2017 As he told the audience at the FSec security symposium in Varazdin, Croatia, end-to-end encryption is about …

bulb

Spotlight

AI will change the face of security, but is it still the stuff of sci-fi?

camera

Using security cameras and infrared light to extract data from air-gapped networks

Researchers have demonstrated that it’s possible for attackers to covertly exfiltrate …

Google Chrome

Google Chrome most resilient against attacks, researchers find

Researchers have analyzed Google Chrome, Microsoft Edge, and Internet Explorer, and found …

businessman

The evolving nature of the CISO role

CCleaner

A clearer picture of the CCleaner backdoor incident

Expert corner

iPhone X gets facial authentication, is the enterprise next?

Ryan Zlockie Global VP of Authentication at Entrust Datacard

iPhone X gets facial authentication, is the enterprise next?

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Corey Nachreiner CTO at WatchGuard Technologies

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Navigating GDPR in the mobile enterprise

John Aisien CEO at Blue Cedar

Navigating GDPR in the mobile enterprise

The real cost of alarm fatigue

Tony Rowan Chief Security Consultant at SentinelOne

The real cost of alarm fatigue

What’s the use of a privacy policy?

Raj Samani Chief Scientist at McAfee

What’s the use of a privacy policy?

The security status quo falls short with born-in-the-cloud software

Manish Gupta CEO at ShiftLeft

The security status quo falls short with born-in-the-cloud software

SIEM challenges: Why your security team isn’t receiving valuable insights

Brad Taylor CEO at Proficio

SIEM challenges: Why your security team isn’t receiving valuable insights

We can’t rely on black swans: Three areas to improve cyber policy now

Dr. Andrea Little Limbago Chief Social Scientist at Endgame

We can’t rely on black swans: Three areas to improve cyber policy now

Where does corporate cloud security responsibility begin and service provider responsibility end?

William Hurley AVP Software Lifecycle Services at Astadia

Where does corporate cloud security responsibility begin and service provider responsibility end?

Has healthcare misdiagnosed the cybersecurity problem?

Kevin Magee Global Security Strategist at Gigamon

Has healthcare misdiagnosed the cybersecurity problem?

Shark or not? 3 real-life security scenarios and how to tell which will really bite

Nir Polak CEO at Exabeam

Shark or not? 3 real-life security scenarios and how to tell which will really bite

Decrypting DEF CON badge challenges

Marc Laliberte Information Security Threat Analyst at WatchGuard Technologies

Decrypting DEF CON badge challenges

What's New

Trusted IoT

Setting the standard for a blockchain protocol for IoT

A wide range of blockchain technology companies and enterprises like Cisco, Gemalto and Bosch have launched the Trusted IoT Alliance, an initiative that aims to bring companies together to develop and set the standard for an open source …

war games

The three least effective enterprise security measures

Fifty-nine percent of respondents to a Bitglass survey at Black Hat USA 2017 identified phishing as the best data exfiltration strategy, as human error and ignorance will always be exploitable. Understandably, and in line with recent …

defend

Number of lost, stolen or compromised records increased by 164%

According to Gemalto’s Breach Level Index, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017. Compared to the last six months of 2016, the number of lost, stolen or compromised records …

Apache

Optionsbleed bug makes Apache HTTP Server leak data from memory

On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that’s similar to the infamous OpenSSL Heartbleed bug uncovered in April 2014. Unlike Heartbleed, Optionsbleed (as Böck dubbed it) …

camera

Using security cameras and infrared light to extract data from air-gapped networks

Researchers have demonstrated that it’s possible for attackers to covertly exfiltrate data from and send data into an air-gapped network by using the infrared light capabilities of (indoor and outdoor) security cameras connected to it. …

Reviews

Review: Cato Cloud

Review: Cato Cloud

Review: Securing the Internet of Things

Review: Securing the Internet of Things

Review: Pwnie Express Pulse

Review: Pwnie Express Pulse

Review: Acunetix 11

Review: Acunetix 11

Review: Advanced Persistent Security

Review: Advanced Persistent Security

Review: Data Breach Preparation and Response

Review: Data Breach Preparation and Response

Review: The Internet of Risky Things

Review: The Internet of Risky Things

Review: DNS Security

Review: DNS Security

Review: iStorage diskAshur Pro SSD

Review: iStorage diskAshur Pro SSD

Review: The Basics of Cyber Safety

Review: The Basics of Cyber Safety

Review: IS Decisions UserLock

Review: IS Decisions UserLock

Review: Threat Forecasting

Review: Threat Forecasting

Don't miss

Apache

Optionsbleed bug makes Apache HTTP Server leak data from memory

camera

Using security cameras and infrared light to extract data from air-gapped networks

Trusted IoT

Setting the standard for a blockchain protocol for IoT

businessman

The evolving nature of the CISO role

iOS 11

Apple releases iOS 11

Google Chrome

Google Chrome most resilient against attacks, researchers find

user

Infosec weakest links: Negligent employees and poor password policies

CCleaner

A clearer picture of the CCleaner backdoor incident

Apple Face ID

Apple’s Face ID can be quickly disabled in an emergency

bulb

AI will change the face of security, but is it still the stuff of sci-fi?

Apple Face ID

iPhone X gets facial authentication, is the enterprise next?

city night

New infosec products of the week: September 15, 2017

Malware news

A clearer picture of the CCleaner backdoor incident

On Monday, Cisco and Piriform – the Avast-owned company behind the popular CCleaner utility – announced that certain versions of the software have been backdoored by hackers. A blog post by security outfit Morphisec later revealed …

Cybercriminals deploying assortment of banking Trojans and ransomware

Hackers backdoored CCleaner, likely affecting millions of users

Unsecured Elasticsearch servers turned into PoS malware C&Cs

Locky ransomware returns with new tricks up its sleeve

Black Hat USA 2017

The three least effective enterprise security measures

Fifty-nine percent of respondents to a Bitglass survey at Black Hat USA 2017 identified phishing as the best data exfiltration strategy, as human error and ignorance will always be exploitable. Understandably, and in line with recent …

Visual network and file forensics with Rudra

Most infosec pros believe election hacks are acts of cyber war

Emerging threats fuel public threat intelligence sharing

Leveraging social media in advanced threat intelligence