Phishers target oil and gas industry amid Covid-19 downturn
While a massive flood of attacks has yet to hit the oil and gas industry, cybersecurity experts say this could be the calm before the storm.
cybersecurity
Why stopping stalkerware confounds cybersecurity experts
Stopping stalkerware isn’t easy, say cybersecurity experts, because it challenges legal and social ideas of what malware is.
Stuck with Windows 7? Here’s a security game plan
Microsoft is no longer supporting Windows 7. Everyone should have long since left it behind for a more secure operating system. But for some, upgrading isn’t an easy option.
How conscious companies can thread IoT’s security and privacy needles
Australian motorcycle helmet maker Forcite is trying to balance utility, safety, and privacy. Here’s a look at today’s challenges in securing connected devices, from Washington to Sydney.
Female CISO: How (and why) to invest in cybersecurity
EVRY’s Monica Verma charts her path from curious kid to hacker to CISO. Improving cybersecurity, she writes, means treating it as an investment rather than a brake on innovation.
How bug bounties are fueling hacker entrepreneurs
As the bug bounty business matures, the bounties themselves present opportunities for hacker entrepreneurs to pocket profits while developing an important blend of business skills.
Aviation security is taking off—and taking after car security
At DefCon’s Aviation Village, experts convene to explore planes’ burgeoning hacking vulnerabilities and highlight a need for proactive collaboration to protect their systems.
Freshly (un)retired, Gary McGraw takes on machine-learning security (Q&A)
In 2000, McGraw wrote the first book on software security, paving the way for an entire industry. With BIML, he’s shifted his attention to a new frontier: machine-learning algorithms.
Hutchins’ plea deal raises as many questions as it answers
Earlier this week, Marcus Hutchins, the man who helped stop the WannaCry global ransomware attack, admitted in court to developing the Kronos banking malware as... Read More...
Chernobyl’s lessons for critical-infrastructure cybersecurity
Are the nuclear-power industry’s collective responses to the 1986 disaster enough to stave off clever nation-state cyberattacks? The Parallax visits the toxic site and takes a closer look.
6 cybersecurity trends we’re thankful for
You might think of cybersecurity professionals as tech’s collective “watchers on the wall”—the guardians who let you know when doom is coming. With that perspec... Read More...
To fill cybersecurity positions, recruit veterans
As veterans with cybersecurity experience struggle to find civilian jobs, employers are struggling to fill cybersecurity jobs. There’s a big opportunity here. Here’s what needs to change.
7 simple reasons to vote
In a column for The Parallax, Gary McGraw outlines why his band wrote a song that passionately encourages every eligible voter to fill out and submit a ballot.
Primer: 4 ways to protect your devices from botnets
A device’s unwitting participation in a malicious robot network, or botnet, is practically detectable only through a forensic examination, experts tell us. But we can take steps to protect our devices.
A civilian’s guide to military jargon for cybersecurity
Consumers have long adopted military terms to describe their many civilian challenges. They can also use military tactics to tackle those challenges. Here is a sampling of each.
Mueller’s indictment of election hackers a cybersecurity ‘wake-up call’
The technically detailed indictment of 12 Russian GRU officers implies a struggle to find appropriate and effective cybersecurity deterrents to geopolitical hacking, experts say.
Israel’s cybersecurity industry is a unicorn. Here’s why
It’s not just Be’ersheba’s interdisciplinary approach. Israel’s unique politics, geography, and economics have played major roles in its transformation into a cybersecurity power player.
At S(h)ecurity, a focus on infosec industry imbalance (Q&A)
Homogenous viewpoints can lead security teams to jump to conclusions or miss key details. Diversity is important. Leading into her keynote at Day of S(h)ecurity, Vijaya Kaza says changes needs to start at the grade level.
20 years on, L0pht hackers return to D.C. with dire warnings
Two decades after presenting at the Senate’s first cybersecurity hearing, veteran L0pht hackers Kingpin, Mudge, Weld Pond, and Space Rogue reflect on progress and urge for much more.
Tom Ridge on how we should fight our ‘digital war’ (Q&A)
To address cyberrisks, former Pennsylvania governor and DHS secretary Tom Ridge says the relationship between the private and public sectors needs to move from punitive to collaborative.
Nonexistent Trump cybersecurity policy worries experts
Critics push for the Trump administration to deliver on its promise of a national cybersecurity policy—one that has more legal weight than words like “should” and “may.”
Cybersecurity Style Guide helps you write like a hacker
The point of the Bishop Fox Cybersecurity Style Guide, its editor says, is to “bridge the gap between people who are writing in security, and the people who have to read that.”
In the gig economy, a cybersecurity divide
The gig economy’s investment in cybersecurity education and protection is hard to quantify, but it’s easy to see that it’s important, researchers explain at the Enigma Conference.
How to reduce ‘collateral damage’ from blockbuster cyberattacks
In order to reduce damage, security teams need to change their approach to vulnerability assessment, Bryson Bort writes. This starts with recognizing that nobody is safe from a cybersecurity threat.
Georgia bill could stifle the state’s booming cybersecurity community
Georgia Senate Bill 315 includes vague language reflective of the CFAA antihacking law that experts and advocates fear would be used to unfairly punish security researchers.
During a government shutdown, U.S. cybersecurity workers stay active
U.S. agencies, in recent years, have crafted plans that allow cybersecurity workers to remain on the job, even if there's a government shutdown.
Too many cybersecurity jobs, too few hackers
“There’s just not enough cybertalent, not enough people with the level of expertise needed,” one expert says. Filling critical roles will mean recruiting and training outside the box.
Self-driving car bill leaves cybersecurity rules open to interpretation
While a passed House bill doesn’t directly address autonomous-vehicle hacking dangers, some experts maintain that broad regulatory language is better for rapidly developing technology.
Fear and cybersecurity musing en route to Las Vegas
While riding my motorcycle to DefCon and Black Hat, I visualized the security industry’s high-water mark—that place, Hunter S. Thompson wrote, “where the wave finally broke and rolled back.”
Kronos malware indictment highlights the risk of trust
Good security relies on trust, which doesn’t scale well. So writes Internet pioneer Paul Vixie, as he reflects on the indictment of the man who stopped WannaCry on charges related to Kronos.
Effective cybersecurity starts with seeing yourself as a target
Our vital systems and seemingly frivolous daily communications are in need of technological scrutiny. And yet we often fail to see ourselves as targets and take action.
Trump’s cybersecurity order not likely to have a major impact, experts say
The 3-section order, which builds largely on initiatives the Obama administration set in motion, outlines federal guidance to “create more cohesion and consolidation between agencies.”
Uncertain future for Wassenaar ‘cyberweapons’ agreement under Trump
Revision proposals for the international agreement to control weapons exports aim to address language that could have severe consequences for security researchers.
Trump’s largely opaque cybersecurity intentions
As the new president establishes his cabinet, and issues (and holds back on) security-focused executive orders, questions abound about his cybersecurity intentions—and how he might follow through on them.
Over Trump’s inaugural weekend, insecurities abound
After a presidential election marked by hacks and leaks and claims of “bleak” urban streets, those of the nation’s capital were filled—quite literally—with anger and worry. And hope.
Comic book illustrates ex-NSA analyst’s outlook on online security (Q&A)
Oren Falkowitz, author of Pineapple Sparkle, says technology needs to provide for online consumers what seat belts provide for car passengers. And consumers need to appreciate it.
What to keep an eye on from Trump’s cybersecurity policy
Will Trump be able to fill key positions? Will he heed warnings about Russia? Will he look to force tech companies to create encryption backdoors? Here’s what several experts tell us.
Chertoff sees ‘Internet of threats’ (Q&A)
The former DHS secretary tells The Parallax that as people raise their consciousness about security, nations urgently need to form agreements about cyberwarfare limits.
Hackers call for federal funding, regulation of software security
From a plea for an “NIH for cyber” to a plan for “software supply chain transparency,” Black Hat and DefCon insiders say it’s time for the U.S. government to ensure software safety.
How an FBI win against Apple could hurt my company
To any software engineer with an imagination, the resulting possibilities are horrifying. A favorable precedent would let the government turn us into unwilling surveillance assistants.
Privacy, cybersecurity get little play in presidential debates
Tech issues may be too complex—and too lacking of simple populist messages—to argue about on stage. But the candidates have their opinions. Here’s an overview.
What it’s like to play chess master Garry Kasparov
Even in assured defeat, competing in chess against the longstanding top player in the world is a privilege. It is also an experience in learning the value of adaptability.
CISA sneaks through Congress, leaving privacy groups scrambling
Privacy advocates split on how to proceed, after the controversial cybersecurity law gets tacked on to a massive government spending bill.
Politicians try to draw online providers into fight against terror
Some lawmakers want social-media providers, ISPs, and other businesses to report suspected terrorist activity, but critics say additional requirements may be counterproductive.
Why cybersecurity’s future may be in the hands of the devil’s advocate (Q&A)
A new book by Council on Foreign Relations member Micah Zenko explains why organizations still struggle with security vulnerabilities—and how “red teaming” promises a fresh start.
Paris attacks reignite U.S. encryption debate
In the wake of the terrorist attacks in France, U.S. government agencies, including the CIA, are reiterating their arguments for security standard backdoors into communications data.
The fight over CISA isn’t over
Privacy advocates still have some moves to make following Senate approval of the controversial cyberthreat information-sharing bill.
Regarding CISA, D.C.’s from Mars, Silicon Valley’s still from California
The political establishment and the tech industry aren’t clashing for the first or last time over the government’s proper role in safeguarding privacy and cybersecurity.
Tech companies say no to CISA. Too late?
Opponents of the cyberthreat information-sharing bill, designed to protect companies that share cyberattack data with federal agencies from customer lawsuits, face tough odds.
U.S.-China cyberspying deal: Start of something big?
Some security and policy experts see the agreement as a potential model for new treaties—or, at the very least, a sign of progress. Others see a whole lot of problems.
U.S.-China cyberdeal: Another useless photo op
Although September’s agreement may prohibit China from cyberespionage for commercial gain, it’s still open season for everything else.
CISA’s ‘a surveillance bill in cybersecurity clothing’
A proposed law to make it easier for government agencies to share information also would allow businesses to deliver personal data to the NSA or FBI, critics contend.