Daniel Miessler

MARCH 24, 2021

Related posts: My RSA 2017 Recap. 10 Behaviors That Will Reduce Your Risk Online. Try not to skip steps, i.e., it’s best to make the move to unique, quality passwords stored in a manager before you add 2FA. Thanks to Troy Hunt, Anton Chuvakin, and Tim Dierks for spawning the idea for this.

Authentication 363

Authentication Passwords Internet Internet 363

Troy Hunt

OCTOBER 9, 2017

From that moment, the timeline in their public disclosure began which I highlighted in this tweet: 23 hours and 42 minutes from initial private disclosure to @disqus to public notification and impacted accounts proactively protected pic.twitter.com/lctQEjHhiH — Troy Hunt (@troyhunt) October 6, 2017. Bugs happen and they suck.

Data breaches 279

Data breaches Passwords Accountability Internet 279

eSecurity Planet

FEBRUARY 11, 2022

Risk management is a concept that has been around as long as companies have had assets to protect. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.

Risk 145

Risk Cybersecurity Encryption Technology 145

Schneier on Security

JANUARY 25, 2022

billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software. Merck suffered US$1.4

Insurance 221

Insurance Cyber Attacks Government Malware 221

Joseph Steinberg

DECEMBER 2, 2022

Patent number US 11,438,334 entitled Systems and Methods for Securing Social Media for Users and Businesses and Rewarding for Enhancing Security , discloses a robust invention that addresses the risks that posts to social media may pose to businesses and individuals alike. US 9,813,419 – Granted in November of 2017.

Media 269

Media Technology Artificial Intelligence Risk 269

The Hacker News

AUGUST 16, 2024

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware.

Risk 133

Risk Malware Software 133

The Hacker News

JANUARY 3, 2022

In May 2017, the first documented ransomware assault on networked medical equipment happened.

Ransomware 136

Ransomware Risk Healthcare Software 136

Malwarebytes

JUNE 19, 2025

Endowing toys with human-seeming voices that are able to engage in human-like conversations risks inflicting real damage on children. Mattel pulled the toy from shelves in 2017. We don’t just report on threats—we remove them Cybersecurity risks should never spread beyond a headline.

Surveillance 115

Surveillance Technology Risk Marketing 115

eSecurity Planet

APRIL 23, 2025

Risk management has re-entered the top 10 CEO priorities for the first time since 2017, with cybersecurity at the heart of that shift. However, as AI adoption grows, so does the need for stronger cybersecurity. CEOs say that protecting their innovations and customer data is now a business necessity, not just an IT concern.

Cybersecurity 108

Cybersecurity Data breaches Cyber threats Technology 108

Security Affairs

MAY 13, 2025

Marbled Dust has been active since at least 2017 and primarily targets organizations in Europe and the Middle East. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Microsoft researchers believe the group selects this method based on reconnaissance, confirming the use of the app.

DNS 85

DNS Telecommunications Architecture Media 85

Schneier on Security

AUGUST 21, 2023

In other words: the government wants software that is capable of identifying and mitigating risks by itself. China has been doing this every year since 2017.) This is a great idea. I was a big fan of DARPA’s AI capture-the-flag event in 2016 , and am happy to see that DARPA is again inciting research in this area.

Cybersecurity 235

Cybersecurity Small Business Government Software 235

The Last Watchdog

MAY 2, 2019

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. I had the chance at RSA 2019 to discuss the SMB security landscape at length with Gill.

Risk 182

Risk Cyber Risk Cyber threats Banking 182

Security Affairs

MARCH 20, 2025

The third issue added to the KeV catalog is a directory traversal vulnerability, tracked as CVE-2017-12637 , in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5. dot dot) in the query string, as exploited in the wild in August 2017.

Backups 71

Backups Hacking Cybersecurity Malware 71

Krebs on Security

JULY 29, 2019

Marcus Hutchins , the “accidental hero” who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday. ”

Banking 230

Banking Malware Government Ransomware 230

Schneier on Security

APRIL 4, 2019

Abstract: Keen Security Lab has maintained the security research work on Tesla vehicle and shared our research results on Black Hat USA 2017 and 2018 in a row. In addition, we also found a potential high-risk design weakness of the lane recognition when the vehicle is in Autosteer mode.

Software 268

Software Risk 268

SecureWorld News

OCTOBER 16, 2024

Back in 2017, SecureWorld News reported that cybersecurity researchers took control of an LG 'Smart' vacuum and spied on the home through the device's camera. Smart home users should stay vigilant, update device software regularly, and implement network security best practices to mitigate risks. The video is unnerving.

IoT 117

IoT Hacking Risk Internet 117

Krebs on Security

AUGUST 23, 2018

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans.

Software 221

Software Internet Internet Risk 221

Krebs on Security

MAY 28, 2020

The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. For example, search in Google for the terms “booter” or “stresser” from a U.K.

Cybercrime 295

Cybercrime DDOS Advertising Hacking 295

CSO Magazine

JANUARY 10, 2022

The FTC also evoked the cautionary tale of credit rating agency Equifax, which in 2017 failed to patch a known vulnerability that irreversibly exposed the personal information of 147 million consumers.

Risk 129

Risk Software 129

Malwarebytes

APRIL 3, 2025

The Entity List identifies entities that the US believes pose a risk to its national security. ” Three months later, Qihoo 360 sold a package of assets under the banner ‘Project L’, which the TTP investigation believes contained Lemon Seed based on the description of its acquisition date in the public filing.

VPN 135

VPN Mobile Government Technology 135

Troy Hunt

OCTOBER 13, 2017

link] pic.twitter.com/qRUUCmz1SY — Troy Hunt (@troyhunt) October 12, 2017. For example, there was CloudPets earlier this year and frankly, I think we can be a lot less "legal-speak" and a lot more honest about the real world risks of IoT devices like these: Speaking of pets, you know what real pets love?

IoT 280

IoT Hacking Risk Mobile 280

Krebs on Security

DECEMBER 12, 2018

For years, potential creditors have judged the relative risk of extending credit to consumers based in part on the applicant’s credit score — the most widely used being the score developed by FICO , previously known as Fair Isaac Corporation. Data accidentally released by FICO about the Cyber Risk Score for ExxonMobil.

Cyber Risk 253

Cyber Risk Energy and Utilities Risk Marketing 253

Security Affairs

OCTOBER 16, 2024

CrowdStrike’s investigation reveals that USDoD’s leader, Luan BG, has been a hacktivist active since at least 2017. Exposing the identities of individuals in an intelligence report presents risks. More precise information was not revealed to TecMundo so as not to completely expose the attacker’s identity.”

Data breaches 127

Data breaches Media Cybercrime Accountability 127

Schneier on Security

MAY 8, 2018

Even though campaign managers recognize there is a high probability that campaign and personal emails are at risk of being hacked, they are more concerned about fundraising and press coverage than they are about cybersecurity.

Hacking 195

Hacking Cyber Attacks Cybersecurity Risk 195

Security Boulevard

DECEMBER 21, 2021

In 2017, the National Institute of Standards and Technology (NIST) released NIST Special Publication 800-63B Digital Identity Guidelines to help organizations properly comprehend and address risk as it relates to password management on the part of end users.

Password Management 138

Password Management Passwords Risk Technology 138

Krebs on Security

MARCH 8, 2019

In the wake of Equifax’s epic 2017 data breach impacting some 148 million Americans, many people did freeze their credit files at the big three in response. This has been the reality for years, and was so well before Equifax announced its big 2017 breach. Consumers in every U.S. But Equifax has changed a few things since then.

Accountability 278

Accountability Identity Theft Authentication Passwords 278

Krebs on Security

JUNE 17, 2020

The CIA produced the report in October 2017, roughly seven months after Wikileaks began publishing Vault 7 — reams of classified data detailing the CIA’s capabilities to perform electronic surveillance and cyber warfare. A redacted portion of the CIA’s report on the Wikileaks breach. DIVIDED WE STAND, UNITED WE FALL.

Data breaches 353

Data breaches Security Awareness Surveillance Media 353

Krebs on Security

JULY 30, 2020

In 2017, I wrote about the increasing prevalence of “shimmers,” high-tech card skimming devices made to intercept data from chip card transactions. “Thus, provided iCVV is validated properly, the risk of counterfeit fraud was minimal. Unsurprisingly, thieves have known about this weakness for years.

Banking 363

Banking Malware Encryption Accountability 363

Krebs on Security

SEPTEMBER 14, 2020

.” When companies wish to link up with investors, what follows involves a legal process known as “due diligence” wherein each side takes time to research the other’s finances, management, and any lurking legal liabilities or risks associated with the transaction.

Scams 355

Scams Cryptocurrency Technology Accountability 355

Security Affairs

FEBRUARY 11, 2022

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IoT 140

IoT Accountability Authentication Hacking 140

Adam Levin

MARCH 27, 2019

million survivors of hurricanes Harvey, Irma and Maria as well as the 2017 California wildfires to an unspecified contractor. million disaster survivors at increased risk of identity theft and fraud. FEMA’s failure…. has placed approximately 2.3

Identity Theft 184

Identity Theft Accountability Risk Government 184

eSecurity Planet

DECEMBER 10, 2021

We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach.”. This vulnerability poses a significant real-world risk to affected systems.”. Further reading: Best Risk Management Software for 2021. Anybody using Apache Struts is likely vulnerable. More Vulnerable Products Expected.

Risk 135

Risk Software Cybersecurity Firewall 135

Security Affairs

MARCH 18, 2025

Since 2017, the vulnerability has been exploited by APT groups from North Korea, Iran, Russia, and China. This UI misrepresentation flaw (CWE-451) stops users from assessing file risks, aiding stealthy cyberattacks. ” concludes the report.

Cybercrime 70

Cybercrime Telecommunications Government Malware 70

Schneier on Security

SEPTEMBER 26, 2019

There is definitely a national security risk in buying computer infrastructure from a country you don't trust. The risk of discovery is too great, and the payoff would be too low. But we need to make these decisions to protect ourselves deliberately and rationally, recognizing both the risks and the costs. Our allies do it.

Surveillance 250

Surveillance Wireless Government Internet 250

Security Affairs

NOVEMBER 23, 2024

Microsoft states that phishing heavily targets financial services, risking losses like life savings. Microsoft has tracked Nady, linked to phishing services since 2017. Multiple threat actors purchased the kits developed by Nady and used them in widespread phishing campaigns to steal credentials of Microsoft customer accounts.

Phishing 73

Phishing Cybercrime Financial Services Media 73

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. This is just one of many risks to our normal civilian computer supply chains. “If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.”

Software 363

Software Cybersecurity Backups Manufacturing 363

IT Security Guru

AUGUST 17, 2023

The 2023 Edition of the National Risk Register predicts that, in the next two years, there is a 5 to 25% chance that a devastating attack will target critical infrastructure and cause physical harm. Meanwhile, cyberattacks are getting more sophisticated, increasing the risk of threats such as supply chain attacks and ransomware.

Risk 98

Risk Healthcare Passwords Government 98