Schneier on Security

MARCH 29, 2018

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos , things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us from others. And it can infer even more: our sexual orientation, political beliefs, relationship status, drug use, and other personality traits -- even if we didn't

Surveillance 222

Surveillance Artificial Intelligence Advertising Big data 222

Troy Hunt

MARCH 26, 2018

Here's the tl;dr - someone named "Md. Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities then shake me down for a penetration test. It didn't work out so well for him, here's the blow-by-blow account of things then I'll add some more thoughts afterwards: Should I respond?

Scams 198

Scams Penetration Testing Accountability Data breaches 198

Thales Cloud Protection & Licensing

MARCH 22, 2018

This blog was originally published on Business Reporter. To view the article, please click here. To see where the future of payments lies, we should look to its past. The concept of payment, at its most fundamental, is simply about people agreeing to exchange goods or services. A fair trade of one thing for another. Go back a few thousand years and the invention of money meant that food could be effectively turned into metal and stored for as long as needed, before being turned back into food ag

Banking 107

Banking Financial Services Accountability Technology 107

Elie

MARCH 10, 2018

This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth tokens in an attempt to perform fraudulent Play store installs and reviews.

Malware 107

Malware Adware Accountability Backups 107

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

MARCH 16, 2018

The Colombian-American hacker became famous in the early 2000s for breaking into the systems at organizations like *The New York Times*, and later for his role in Chelsea Manning's arrest.

105

105

Dark Reading

MARCH 2, 2018

Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.

Passwords 103

Passwords Accountability Phishing 103

Troy Hunt

MARCH 1, 2018

If I'm honest, I'm constantly surprised by the extent of how far Have I Been Pwned (HIBP) is reaching these days. This is a little project I started whilst killing time in a hotel room in late 2013 after thinking "I wonder if people actually know where their data has been exposed?" I built it in part to help people answer that question and in part because my inner geek wanted to build an interesting project on Microsoft's Azure.

Government 186

Government Data breaches Passwords Authentication 186

Thales Cloud Protection & Licensing

MARCH 13, 2018

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. In Linux, for instance, it takes four openSSL commands to generate an encryption key and encrypt data. However, simply encrypting data is not a sufficient control when storing data in the cloud.

Encryption 95

Encryption Risk Accountability 95

Elie

MARCH 10, 2018

This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth tokens in an attempt to perform fraudulent Play store installs and reviews.

Malware 91

Malware Adware Accountability Backups 91

WIRED Threat Level

MARCH 27, 2018

What's happening at the US Army's new cyber branch headquarters marks a change for Fort Gordon. Hell, it might be changing warfare itself—all through a computer screen.

106

106

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

MARCH 30, 2018

The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.

Cybersecurity 94

Cybersecurity 94

Schneier on Security

MARCH 15, 2018

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two sets: what humans do well and what computers do well.

Artificial Intelligence 166

Artificial Intelligence Internet Internet Technology 166

Troy Hunt

MARCH 27, 2018

Recently, I've witnessed a couple of incidents which have caused me to question some pretty fundamental security basics with our local Aussie telcos, specifically Telstra and Optus. It began with a visit to the local Telstra store earlier this month to upgrade a couple of phone plans which resulted in me sitting alone by this screen whilst the Telstra staffer disappeared into the back room for a few minutes: Is it normal for @Telstra to display customer passwords on publicly facing terminals in

Passwords 153

Passwords Banking Mobile Telecommunications 153

Thales Cloud Protection & Licensing

MARCH 28, 2018

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data. Enterprises cannot ignore the responsibility of implementing a strong key assurance service that ensures they maintain control of their own risks.

Encryption 90

Encryption Government Authentication Accountability 90

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The. first post. recounts Gooligan’s origin story and provides an overview of how it works.

Encryption 82

Encryption Malware Marketing Manufacturing 82

WIRED Threat Level

MARCH 19, 2018

In undercover videos filmed by Britain’s Channel 4 news, Cambridge Analytica executives appear to offer up various unsavory tactics to influence campaigns.

109

109

eSecurity Planet

MARCH 13, 2018

Every business uses email, yet many are unaware of email security threats. Here's a look at the threats - and how to secure your business email.

83

83

Schneier on Security

MARCH 26, 2018

Interesting research into undetectably adding backdoors into computer chips during manufacture: " Stealthy dopant-level hardware Trojans: extended version ," also available here : Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which

Manufacturing 162

Manufacturing Government Malware 162

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Troy Hunt

MARCH 30, 2018

It's a MASSIVE weekly update! The big news for me this week is the 1Password partnership and I've really tried to share more about how I came to the decision to work with them in this video. I've been so cautious with the way I've managed the image of HIBP to ensure it's always positioned in the right light and I wanted to delve more into that thinking here.

Data breaches 119

Data breaches Passwords 119

Thales Cloud Protection & Licensing

MARCH 6, 2018

Every year, new regulations and compliance orders come into play that impact businesses across the world. This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. GDPR enables consumers to view, limit and control how companies collect and process their personal data.

Data privacy 88

Data privacy Encryption Healthcare Insurance 88

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The. first post. recounts Gooligan’s origin story and provides an overview of how it works.

Encryption 82

Encryption Malware Marketing Manufacturing 82

WIRED Threat Level

MARCH 13, 2018

After a series of scandals related to misinformation, YouTube CEO Susan Wojcicki announced the company would begin directing users to sources like Wikipedia.

108

108

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Dark Reading

MARCH 1, 2018

A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.

Cybersecurity 100

Cybersecurity 100

Schneier on Security

MARCH 2, 2018

Since you don't have enough to worry about, here's a paper postulating that space aliens could send us malware capable of destroying humanity. Abstract : A complex message from space may require the use of computers to display, analyze and understand. Such a message cannot be decontaminated with certainty, and technical risks remain which can pose an existential threat.

Malware 157

Malware Risk 157

eSecurity Planet

MARCH 21, 2018

Next-gen firewalls, UTMs, web application firewalls, cloud-based firewalls, container firewalls and more: Everything you need to know about firewalls.

Firewall 76

Firewall 76

Thales Cloud Protection & Licensing

MARCH 29, 2018

As the volume of both card-based payments and digital payments continue to grow significantly year-on-year, the importance of securing sensitive card data (and in particular the primary account number or PAN) has never been a more critical and challenging task. In the recent Thales eSecurity eBook, ‘ PCI Compliance and Data Protection for Dummies ’, we cover the main technologies that can be used, such as encryption and tokenization, to help with such efforts in protecting the payment prior to a

Data breaches 87

Data breaches Encryption Mobile IoT 87

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk

Elie

MARCH 2, 2018

Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a crypto-currency such as Bitcoin. In this paper, we create a measurement framework that we use to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims, and operators. By combining an array of data sources, including ransomware binaries, seed ransom payments, victim telemetry from infections, and a large database of Bitcoin addresses annotated with their owne

Ransomware 78

Ransomware Encryption Malware 78

WIRED Threat Level

MARCH 2, 2018

By leaving Instagram followers off the public record, Columbia researcher Jonathan Albright says Facebook is making the Russian trolls' true audience appear artificially low.

96

96

Dark Reading

MARCH 21, 2018

The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.

Risk 78

Risk 78

Schneier on Security

MARCH 5, 2018

This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret information. My guess is that there is a lot more research to be done here.

150

150

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity