Backdoor in XZ Utils That Almost Happened

Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...

Securing APIs through penetration testing

APIs (Application Programming Interfaces) have become the backbone of many modern applications, and indeed the foundation of some businesses' services. APIs enable seamless communication between applications, services and systems, allowing... The post ...

Managing identity in a merger, acquisition or divestiture

5 best practices to smoothly transition identity providers from an acquired company. Mergers and acquisitions (M&A) are crucial in growing and expanding businesses. M&As have benefits that include increasing market share, diversifying ...

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

The US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails ...

xz backdoor Part 2: On the Importance of Runtime Security in the Age of OSS Backdoors

The post xz backdoor Part 2: On the Importance of Runtime Security in the Age of OSS Backdoors appeared first on Deepfactor ...
The importance of a post-penetration test action plan

As cyber threats continue to evolve and become more sophisticated, businesses must stay one step ahead in protecting their sensitive data and network infrastructure. Penetration testing is an essential tool... The post ...

XZ Utils Backdoor

The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have ...

Declassified NSA Newsletters

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003. There are many interesting things ...

Ethics of Cyber Security: To Disclose or Not? 

In a recent panel discussion, a thought-provoking question was posed to us, one that delves into the murky waters of cyber security and governmental responsibility. The query centered on the obligation of ...

Ross Anderson

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the ...

Secure Guardrails