2017

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

Troy Hunt

A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack, the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via an IoT device called the InnoTab which is a wifi connected tablet designed for young kids; think Fisher Price designing an iPad, then totally screwing up the security.

Tracking People Without GPS

Schneier on Security

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind of movements they make.

9 best practices to improve security in industrial IoT

Tech Republic Security

Dell EMC's senior product manager for IoT security, Rohan Kotian, hosted a presentation at Dell EMC World explaining how industrial enterprises can protect their IoT deployments.

‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs

WIRED Threat Level

The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March, 2016–March, 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums.

How to Deploy Your Own Algo VPN Server in the DigitalOcean Cloud

Lenny Zeltser

When analyzing malware or performing other security research, it’s often useful to tunnel connections through a VPN in a public cloud. This approach helps conceal the analyst’s origin, contributing to OPSEC when interacting with malicious infrastructure. Moreover, by using VPN exit nodes in different cities and even countries, the researcher can explore the target from multiple geographic vantage points, which sometimes yields additional findings.

More Trending

Ode to the use-after-free: one vulnerable function, a thousand possibilities

Scary Beasts Security

Overview: This post explores an old but wonderful vulnerability that enables us to really showcase the (oft underestimated) power of the use-after-free vulnerability class. We’re going to take a step back and consider the wider class of “use-after-invalidation”, of which use-after-free is one type of use of invalidated state. We will see one single area of vulnerable code that has it all: use-after-invalidation leading to out of bounds reads and writes; use-after-free leading to object aliasing;

I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy?

Disqus Demonstrates How to Do Breach Disclosure Right

Troy Hunt

We all jumped on "the Equifax dumpster fire bandwagon" recently and pointed to all the things that went fundamentally wrong with their disclosure process. But it's equally important that we acknowledge exemplary handling of data breaches when they occur because that's behaviour that should be encouraged. Last week, someone reached out and shared a number of data breaches with me.

The 6-Step "Happy Path" to HTTPS

Troy Hunt

It's finally time: it's time the pendulum swings further towards the "secure by default" end of the scale than what it ever has before. At least insofar as securing web traffic goes because as of this week's Chrome 62's launch, any website with an input box is now doing this when served over an insecure connection: It's not doing it immediately for everyone, but don't worry, it's coming very soon even if it hasn't yet arrived for you personally and it's going to take many people by surp

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

2018 Cause Awareness & Giving Day Calendar

Troy Hunt

Cause awareness and giving days can be very powerful themes upon which to launch online fundraising campaigns. The real-time, in-the-moment nature of cause awareness and giving days can inspire donors to give provided that your nonprofit knows how to promote the days effectively. The first step is to decide which days to build a campaign upon and add them to your 2018 editorial calendar.

Big data privacy is a bigger issue than you think

Tech Republic Security

When it comes to privacy, big data analysts have a responsibility to users to be transparent about data collection and usage. Here are ways to allay users' concerns about privacy and big data.

Women in cybersecurity: IBM wants to send you to a hacker conference for free

Tech Republic Security

A new IBM scholarship will cover 100% of the entry fees for any woman interested in attending EC-Council's Hacker Halted conference. Here's how to take advantage of the offer.

Ukraine is a test bed for global cyberattacks that will target major infrastructure

Tech Republic Security

On the ground in Kiev, TechRepublic got a first-hand look at the frontline of a cyberwar that involves alleged Russian state-sponsored hackers, organized crime, and lone-wolf attackers.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

How to make your employees care about cybersecurity: 10 tips

Tech Republic Security

People are the largest security vulnerability in any organization. Here's some expert advice on how to make cybersecurity training more effective and protect your business.

The next generation of cybersecurity professionals is being created by the Girl Scouts

Tech Republic Security

Girl Scouts of the USA is rolling out a set of 18 new cybersecurity badges next year, to teach young women in grades K-12 programming, ethical hacking, and identity theft prevention.

IBM uses Watson to fill cybersecurity gaps

Tech Republic Security

IBM's new Watson for Cyber Security, unveiled at RSA, can tap into more than 1 million security documents to help cybersecurity professionals more easily identify and mitigate potential threats.

macOS malware on the rise as Apple silently patches a mysterious new threat called Proton

Tech Republic Security

No one is safe from malware these days, even macOS users. 2017 has been a banner year for malware on Apple computers, including a new threat that allows total remote control from a web console.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

80% of IoT apps not tested for vulnerabilities, report says

Tech Republic Security

A new report from the Ponemon Institute, IBM, and Arxan claims that just 20% of IoT apps and 29% of mobile apps are actually tested for vulnerabilities, raising security concerns.

Rise of the 'accidental' cybersecurity professional

Tech Republic Security

To fill cybersecurity job shortages, a number of people, especially women, are entering the field from other careers. Here's why they might be able to help your company.

10 books on cybersecurity that all IT leaders should read

Tech Republic Security

Want to start learning about cybersecurity? Check out TechRepublic's top 10 titles to understand how hackers have stolen millions in private data, how governments wage cyberwar, and how to beef up security systems.

4 questions businesses should be asking about cybersecurity attacks

Tech Republic Security

At the 2017 Dell EMC World conference, RSA senior director of advanced cyber defense, Peter Tran, walked through examples of real-world IT questions and how they could be answered.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Yahoo confirms 32M accounts breached in 2015-2016 forged cookies attack

Tech Republic Security

In a recent annual report filed with the SEC, Yahoo confirmed that forged cookies were used to hack 32 million accounts. Here's what it means and why your company should be aware of such attacks.

Do you work in the financial sector? Time to step up your cybersecurity habits

Tech Republic Security

A report from IBM Security revealed a 937% increase in records stolen from the financial sector in 2016. Here's what you need to know and do to protect your sensitive data.

4 tips to help your business recruit, and keep, cybersecurity pros

Tech Republic Security

According to a new report from ISACA, 27% of US companies are unable to fill cybersecurity positions, and most applicants aren't qualified for the job. Here's how to better recruit cyber professionals.

Free charging stations can hack your phone, here's how to protect yourself

Tech Republic Security

A recent experiment conducted by security company Authentic8 showed how lax some users are regarding their phone data. Here's how to practice good security when you need to charge.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

A visual map of emerging cybersecurity trends

Tech Republic Security

A study by TechRepublic and data firm Affinio reveals the social media communities and influencers talking about IoT, ransomware, bots, and other cybersecurity threats.

Free PDF download: Cybersecurity in an IoT and mobile world

Tech Republic Security

This special report from ZDNet and TechRepublic examines the evolving landscape of cybersecurity as mobile and IoT become indispensable tools in the enterprise. Download it as a free PDF ebook.

The world needs more cybersecurity pros, but millennials aren't interested in the field

Tech Republic Security

Only 7% of cybersecurity workers are under age 29, and just 11% are women. Here's how your business can better recruit younger, more diverse cybersecurity workers.

Your internet history is now for sale. Here's how you can protect it

Tech Republic Security

Congress has voted to repeal restrictions preventing ISPs from gathering and selling your browsing data and other personal info. Here's how you can protect yourself.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.