🔐 How to help CISOs understand their role in cloud security 🔐
via "Security on TechRepublic".
Some 90% of CISOs are confused about their role in securing a SaaS environment, according to an Oracle and KPMG report.
🕴 The Anatomy of a Lazy Phish 🕴
via "Dark Reading: ".
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
❌ Microsoft: Russia’s Fancy Bear Working to Influence EU Elections ❌
via "Threatpost | The first stop for security news".
As hundreds of millions of Europeans prepare to go to the polls in May, Fancy Bear ramps up cyber-espionage and disinformation efforts.
🕴 Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks 🕴
via "Dark Reading: ".
A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.
❌ GitHub Increases Rewards, Scope For Bug-Bounty Program ❌
via "Threatpost | The first stop for security news".
GitHub is offering unlimited rewards for critical vulnerabilities - and has added "safe harbor" terms to its bug bounty program.
❌ Password Manager Firms Blast Back at ‘Leaky Password’ Revelations ❌
via "Threatpost | The first stop for security news".
1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory.
🕴 9 Years After: From Operation Aurora to Zero Trust 🕴
via "Dark Reading: ".
How the first documented nation-state cyberattack is changing security today.
🔏 Former Coke, Eastman Employee Stole Chemical Formulas: Report 🔏
via "Subscriber Blog RSS Feed ".
Prosecutors say that as part of a conspiracy to steal trade secrets, the Chinese-born scientist stole data related to bisphenol-A-free food packaging worth $120M.
❌ Apple’s Shazam App Boots Facebook Ads and Other Third-Party SDKs ❌
via "Threatpost | The first stop for security news".
The music-recognition app that Apple bought for $400 million is removing Facebook Ads, DoubleClick, Facebook Analytics and more.
🕴 POS Vendor Announces January Data Breach 🕴
via "Dark Reading: ".
More than 120 restaurants were affected by an incident that exposed customer credit card information.
❌ Separ Malware Plucks Hundreds of Companies’ Credentials in Ongoing Phish ❌
via "Threatpost | The first stop for security news".
An ongoing phishing campaign is targeting hundreds of businesses to steal their email and browser credentials using a simple - but effective - malware.
🕴 Mastercard, GCA Create Small Business Cybersecurity Toolkit 🕴
via "Dark Reading: ".
A new toolkit developed by the Global Cybersecurity Alliance aims to give small businesses a cookbook for better cybersecurity.
❌ Researcher: Not Hard for a Hacker to Capsize a Ship at Sea ❌
via "Threatpost | The first stop for security news".
Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners. With so many previously outlined ways […]
🔐 Best practices for handling gaps in cloud security 🔐
via "Security on TechRepublic".
Establishing sufficient cloud security is a complex challenge. Learn where your attention is best directed to achieve the best results.
🕴 As Businesses Move Critical Data to Cloud, Security Risks Abound 🕴
via "Dark Reading: ".
Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues.
⚠ Can you really sniff out gas station card skimmers with your phone? ⚠
via "Naked Security".
A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn't help much...
🕴 Insurer Offers GDPR-Specific Coverage for SMBs 🕴
via "Dark Reading: ".
Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
ATTENTION‼ New - CVE-2018-15380
via "National Vulnerability Database".
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).
ATTENTION‼ New - CVE-2013-7469
via "National Vulnerability Database".
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
⛓ Unsupervised Learning: No. 165 ⛓
Media
Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter.
The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think about as well.
Subscribe to the Newsletter or Podcast
🛡️ Security News
🔥 The OpenAI team created an algorithm that can write news stories so well that they are refusing to release it due to potential use to create fake news. I get what they’re doing, but the odds of this not being co-developed by many other groups is close to zero over a span of months. Here’s an example of a fake story it wrote about national security, and it did this on its second try with just a few words of seeding by a human. Link
People are concerned that Twitter may not be actually deleting DMs when you delete them. Someone pulled their data archive from Twitter and found their own deleted DMs. It’s a good reminder that it’s a good policy to just consider anything you do online to be permanent. Link
Trend Micro and the Ponemon Institute created a Cyber Risk Index, which ranks from -10 to 10. Strangely, the lower the number the better, even though it’s called a Risk Index. And if you put that in a graph from left to right, the right side is better than the left side. I couldn’t even get into the way they built the numbers because I’m forced to assume that process was as bad as the interface. The whole purpose of a system like this is to be used by others, so how could you possibly make such bad choices on the UI? Link
Someone found an open Chinese database online that was being used to track the location of millions of Uyghurs in the country. Between this, the re-education camp, the mass-surveillance and social credit system, the nation-wide censorship firewall, and their colonization of Africa, it’s obvious they’re willing to do anything to win at this real-life game of Civilization. They’ve become morally belligerent. Link
Drones will soon require visible license plates. Link
Switzerland is doing a bug bounty on their e-voting system. Link
The Pentagon is worried about China and Russia fielding ground-based lasers that can blind and otherwise disable U.S. satellites. Link
Advisories: Ubiquiti Device DDoS Potential, 75 Adobe Vulnerabilities, Android App Tracking, SAP HANA,
Leaks: 620 Million Records For Sale on Dark Web
⚙️ Technology News
If you refresh this website you’ll get a human face, except they’re not real humans—they’re AI generated. Importantly, it’s not a collection of pre-made images getting loaded. They’re all generated on the fly. Link
Chinese phones now make up a third of the European market, and Huawei has the top position. Link
One in six Americans wear a smartwatch. Link
👧🏼 Human News
Student debt that’s 90 or more days delinquent is now at $166 billion dollars—which is an all-time high. Link
Men who could do more than 40 push-ups had a 96% reduced risk of cardiovascular disease relative to men who could do less than 10, over a ten-year study. Link
Mars Rover Opportunity’s last words were, “My battery is low and it’s getting dark.” It was a little robot that was only supposed to work for 90 days, but it soldiered on for 15 years. And after not being able to raise her after many attempts, they sent her Billie Holiday’s I’ll Be Seeing You. It’s strange how I get emotional about such things, but I’ll miss her. I hope to be able to watch when we revive her once on the planet. Link
NASA and ESA are planning a mission to deflect an asteroid. Link
💡 Ideas, Trends, & Analysis
The Rise of the Corporate Technology Ecosystem — My new essay on how corporations will soon become our universal and subscription-based…
⚠ Sorry, we didn’t mean to keep that secret microphone a secret, says Google ⚠
via "Naked Security".
It's been off by default, Google says - not much consolation to those who don't cotton to the notion of a "secret" listening gadget.