65 matches found
Critical Cisco Bug in Unified CCX Allows Remote Code Execution
Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express CCX. Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. Th...
BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks
Business email compromise BEC attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitaliz...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking at University College London on September 23, 2019. I'm speaking at World's Top 50 Innovators 2019 at the Royal Society in London on September 24, 2019. I'm speaking at Cyber Security Nordic in Helsinki, Finland on...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking on "Securing a World of Physically Capable Computers" at Oxford University on Monday, June 17, 2019. The list is maintained on this page...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm teaching a live online class called "Spotlight on Cloud: The Future of Internet Security with Bruce Schneier" on O'Reilly's learning platform, Thursday, April 4, at 10:00 AM PT/1:00 PM ET. The list is maintained on this page...
Click Here to Kill Everybody News
My latest book is doing well. And I've been giving lots of talks and interviews about it. I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer. My book talk at Google is also available. The Audible version w...
A week in security (November 12 – 18)
Last week on Malwarebytes Labs, we found out that TrickBot became a top business threat, so we took a deeper look at what's new with it. With Christmas just around the corner, the Secret Sister scam returned. We also touched on the security and privacy or lack thereof in smart jewelry, air traffi...
bruce-clarke.com XSS vulnerability
Open Bug Bounty ID: OBB-684316 Description| Value ---|--- Affected Website:| bruce-clarke.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...
Daniel Miessler on My Writings about IoT Security
Daniel Miessler criticizes my writings about IoT security: I know it's super cool to scream about how IoT is insecure, how it's dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it's fun to be invited to talk about how everything i...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3609 advisory. - fs/exec.c: account for argv/envp pointers Kees Cook Orabug: 26638900 CVE-2017-1000365 CVE-2017-1000365 - dentry name snapshots Al Viro Orabug:...
Legislation Proposed to Secure Connected IoT Devices
A Senate bill introduced today would prioritize security in connected devices, requiring providers who sell to the U.S. government to implement measures that would have been an impediment to the IoT botnet-fueled attacks against DNS provider Dyn and webhost OVH. The Internet of Things Cybersecuri...
eddiebruce.ca XSS vulnerability
Vulnerable URL: http://www.eddiebruce.ca/listingresults.asp Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check eddiebruce.ca SSL...
Bruce Schneier on IoT Regulation
Mike Mimoso talks to Bruce Schneier, CTO of IBM Resilient, at RSA 2017 about the early days of the conference, his campaign for IoT regulation, and how the technical community needs to get involved with policy. Music by Chris Gonsalves...
Schneier Brings Campaign for IoT Regulation to RSA
SAN FRANCISCO—Bruce Schneier on Tuesday called on technologists to get involved with policy, insisting that as the Internet of things continues to unfold, the knowledge security experts have will become more applicable. Schneier, CTO of IBM Resilient, stressed in a talk here at the RSA Conference...
New Call to Regulate IoT Security By Design
A Washington, D.C. think tank whose mission is critical infrastructure security has joined the call for lawmakers to consider regulating the security of connected devices. In a report published this week, the Institute for Critical Infrastructure Technology pinned the blame for a rash of Mirai...
Vulnerability in OpenSSL - Missing CRL sanity check
This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. Found by Bruce...
Bruce Lee: Enter The Game - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Bruce Lee: Enter The Game published at the 'play' market has multiple vulnerabilities...
Al Qaeda Homegrown Encryption Likely Aids NSA Intelligence
Terrorist organization Al Qaeda has reportedly stepped up its development of homegrown encryption technology since the Edward Snowden leaks began last June. The question puzzling some security experts is: Why? “This is hard, and the odds they are doing it correctly are low,” said cryptographer an...
Bruce Schneier on Surveillance and Trust
Dennis Fisher talks with Bruce Schneier about the differences between bulk and targeted surveillance, the most concerning NSA revelations and making surveillance more expensive for intelligence agencies. Download: digitalunderground145.mp3...