Cyber Security Informer

"Pwned", the Book, is Finally Here!

Troy Hunt

SEPTEMBER 8, 2022

The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff. With our wedding being only next week, it just felt. Pat Phelan.

InfoSec

InfoSec Password Management Passwords IoT

Happy 14th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2023

Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. True story: At the time I was hired as a lowly copy aide by The Washington Post, all new hires — everyone from the mailroom and janitors on up to the executives — were invited to a formal dinner in the Executive Suite with the publisher Don Graham.

Phishing

Phishing Scams Mobile Advertising

Our Security of AI Papers and Blogs Explained

Anton on Security

APRIL 11, 2024

Moderately relevant AI made image about AI papers :-) steampunk ofc! Recently our team has written several papers and blogs focused on securing AI. What you will not see in these papers is anything to do with robot rebellion or some such long-term potential threats. No Deep AI Security Secrets In This Post!

Artificial Intelligence

Artificial Intelligence Government Risk Technology

Smashing Security podcast #364: Bing pop-up wars, and the British Library ransomware scandal

Graham Cluley

MARCH 20, 2024

enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack. Plus: Don't miss our featured interview with Kolide founder Jason Meller about his firm's acquisition by 1Password.

Ransomware

Ransomware Cybersecurity Data breaches Malware

Weekly Update 289

Troy Hunt

APRIL 1, 2022

This is such a tricky one; if their products sucked we could all just forget about them and go on with our day. I spend most of this week's video talking about this and perhaps what surprised me most, is even after that discussion there's a bunch of people asking product questions.

Passwords

Passwords Government

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. Since that story ran, KrebsOnSecurity has heard from this Saim Raza identity on two occasions. Why you destroy our lifes? “Why you post us? .

Phishing

Phishing Cybercrime Malware Advertising

Pwned - The Collected Blog Posts of Troy Hunt (Preview)

Troy Hunt

OCTOBER 20, 2021

The full tale of what I first did (and how disastrous it ultimately became), is up front early in the book so I won't relay it here, but it's quite the story. I'm even in the story of how it became the internet's favourite taunt , again, somehow. The book title - Pwned - also seemed like a natural fit. Somehow. "Somehow"

Data breaches

Data breaches Internet Internet

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

MARCH 22, 2024

On March 14, KrebsOnSecurity published a story showing that Onerep’s Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story.

Media

Media Government Data breaches Marketing

Beyond Pleasantries: Understanding Kindness vs. Niceness

Jane Frankland

MARCH 12, 2024

Could these two seemingly synonymous words actually spell out different narratives in the screenplay of our lives? It’s the glossy finish on the surface of our day-to-day exchanges. It’s about understanding the value of being kind to yourself as well as to others. But is there more to it? Why Draw a Line?

Cyber Attacks

Cyber Attacks Authentication

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I didn’t know either of them, but I have been writing about cryptography, security, and privacy for decades. I thought about it a lot before agreeing.

Surveillance

Surveillance Computers and Electronics Encryption Government

Chinese Supply-Chain Attack on Computer Systems

Schneier on Security

FEBRUARY 13, 2021

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. Yes, it’s plausible.

Surveillance

Surveillance Government Internet Internet

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

SEPTEMBER 14, 2023

Leveraging WebAssembly’s sandboxing capabilities allows us to isolate potential risks, while Rust provides the memory safety essential for our modern internet applications. Our major platforms, tools integral to modern life, are now used as vehicles for misinformation and chaos. The trust deficit we experience today is palpable.

Internet

Internet Internet Technology Risk

New Zealand Election Fraud

Schneier on Security

NOVEMBER 13, 2020

It feels like writing this story was a welcome distraction from writing about the US election: “No one has to worry about the integrity of our bird election,” she told Radio New Zealand, adding that every vote would be counted.

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Krebs on Security

FEBRUARY 7, 2023

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. What stood out about the inquiry from Wall to Wall was that their researchers had already gathered piles of clues about the breach that I’d never seen before.

Media

Weekly Update 357

Troy Hunt

JULY 20, 2023

I doubt there is a more well known name in our industry but if he’s unfamiliar to you (or you haven’t read this book), go and grab “Ghost in the Wires” which is an exceptional read. Watch the demo today! 🤯 (the.mil conflation with.ml

InfoSec

New Paper: “Securing AI: Similar or Different?“

Anton on Security

SEPTEMBER 13, 2023

I want to share a few additional things here on top our official launch blog. Notice, for example, that I was asking every guest on these podcast episodes about their view of this topic. By the way, it became very clear to me that most sane people today are more concerned about data theft rather than about the freakin’ robot rebellion.

Artificial Intelligence

Artificial Intelligence CISO Software Government

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Anton on Security

JANUARY 10, 2024

So, we ( Tim and Anton , the crew behind the podcast ) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. But we realized we don’t have enough new profound reflections…. We do have a few fun new things!

Cloud Migration

Cloud Migration Government Network Security Risk

AppSec Is A Mess. Our Kids Are Paying The Price.

The Security Ledger

NOVEMBER 14, 2023

Like the actual favelas and shanty towns that have sprung up in developing nations over the last century, our application ecosystem is sprawling, unregulated, ad-hoc and prone to shocking. » Related Stories Sickened by Software? Read the whole entry. »

Software

Software Hacking Data breaches

Threat-informed or Threat-owned? Classic Practices Will Probably Save You!

Anton on Security

AUGUST 30, 2023

So, if you are too busy to read our amazing (duh!) You can do this, using ̶p̶o̶w̶e̶r̶f̶u̶l̶ ̶A̶I̶ ̶v̶o̶o̶d̶o̶o̶ ̶m̶a̶g̶i̶c̶ many of the approaches and practices ( our blog again has the details ) that you should have started doing years ago, but most never did. Don’t just read this blog about the blog, just read the blog.

Firewall

Firewall Software Threat Detection Cybersecurity

The Unyielding Call to Invest in Women on International Women’s Day

Jane Frankland

MARCH 8, 2024

International Women’s Day is one of those annual landmarks that shouldn’t just be about the magnolia-laden rhetoric and floral tributes. It’s about access, it’s about scaling opportunities, it’s about leveraging 50% of the global population to their fullest potential.

Banking

Banking Government Technology Cybersecurity

Juniper Support Portal Exposed Customer Device Info

Krebs on Security

FEBRUARY 9, 2024

George discovered that after logging in with a regular customer account, Juniper’s support website allowed him to list detailed information about virtually any Juniper device purchased by other customers. We are actively working to determine the root cause of this defect and thank the researcher for bringing this to our attention.”

Artificial Intelligence

Artificial Intelligence Healthcare Accountability Banking

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

“It’s hit like hell since about January of this year. Virtually all of these profiles were removed from LinkedIn after KrebsOnSecurity tweeted about them last week. “I wrote our LinkedIn rep and said we were considering closing the group down the bots were so bad,” Miller said.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

AUGUST 19, 2021

Reached via LinkedIn, Sociogram founder Oluwaseun Medayedupin asked to have his startup’s name removed from the story, although he did not respond to questions about whether there were an inaccuracies in Hassold’s report. Open our letter at your email. Image: Abnormal Security. billion in 2020. Image: FBI.

Ransomware

Ransomware Social Engineering Cybercrime Scams

Dealing with stress, burnout and mental health

Cisco Security

MAY 21, 2021

In the latest episode of the Security Stories podcast , we welcome three leaders from Cisco Talos for a discussion on mental health, stress and burnout. Check it out on your podcast platform of choice, available via the Security Stories webpage. . Sharing our experiences.

More Attacks against Computer Automatic Update Systems

Schneier on Security

MAY 16, 2019

Studying this case, our experts found other samples that used similar algorithms. According to our researchers, the attackers either had access to the source code of the victims' projects or they injected malware at the time of project compilation, meaning they were in the networks of those companies. Me on supply chain security.

Malware

“Better OKRs Through Threat Modeling”

Adam Shostack

FEBRUARY 15, 2021

I really like how he doesn’t complain about the communication issues between security and management, but offers up a concrete suggestion for improvement. Improve defenses by adding one test case for each of STIDE per sprint to existing code for at least 75% of sprint stories. ”).

Episode 242: Hacking the Farm (and John Deere) with Sick Codes

The Security Ledger

SEPTEMBER 5, 2022

In our latest podcast, Paul caught up with Sick Codes (@sickcodes) to talk about his now-legendary presentation at the DEF CON Conference in Las Vegas, in which he demonstrated a hack that ran the Doom first person shooter on a John Deere 4240 touch-screen monitor. Feel Good Ukraine Tractor Story Highlights Ag Cyber Risk.

Hacking

Hacking Cyber Risk Software Risk

Improvise, Adapt, Overcome: Building Security Resilience in a World of Uncertainty

Cisco Security

APRIL 26, 2022

For my very first interview for the Security Stories podcast , I met a wonderful person called Mick Jenkins, MBE. Mick is sadly no longer with us, but his story will stay with me forever. I’ve been thinking about those words a lot lately, and what they mean (for me, at least). Make it about something else.

CISO

CISO Data privacy Cybersecurity Technology

Our Security of AI Papers and Blogs Explained

Security Boulevard

APRIL 11, 2024

Moderately relevant AI made image about AI papers :-) steampunk ofc! Recently our team has written several papers and blogs focused on securing AI. The post Our Security of AI Papers and Blogs Explained appeared first on Security Boulevard. source ) Related blogs: New Paper: “Securing AI: Similar or Different?“

Artificial Intelligence

Artificial Intelligence Government Risk Technology

The Asset Trap

Adam Shostack

DECEMBER 16, 2020

What are the Russians going to do with plans for our nuclear weapons? Plans for our next generation weapons may, indeed, be useful to them for finding weaknesses in those systems or copying them. Focusing in on assets helps us tell stories about those assets. This is assets in the sense of things which are valuable to us.

Government

Government Hacking

import alignment: A Library-based Approach to AI Alignment

Daniel Miessler

APRIL 2, 2023

There is much being said right now about the AI Alignment Problem. Russell argues that we need uncertainty built into our alignment efforts. We don’t know what AI will do when it wakes up, but we should try present it our best self. It would be hard for us to invite phytoplankton to our next city council meeting.

Information Security

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Security Boulevard

JUNE 25, 2023

Paul Asadoorian, OG security podcaster and host of the popular Paul’s Security Weekly podcast, joins us in this episode to talk about his career as one of the original security podcasters. The post Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian appeared first on Security Boulevard.

Firmware

Firmware Hacking Internet Internet

Philanthropy Spotlight: Tech Day of Pink Founder Michael W. Smith

SecureWorld News

OCTOBER 10, 2023

Our goal is to unite technologists and IT professionals worldwide around breast cancer awareness, education, and fundraising, maximizing the collective impact in the fight against breast cancer. What do you wish more people knew about Tech Day of Pink? At ELC, I know our employees will rally for the issues they deeply care about.

Education

Education Media Cybersecurity Mobile

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. “I’ve been using this login since about 2013 on all the forums where I register, and I don’t always set a strong password. .

Ransomware

Ransomware Accountability Cybercrime Backups

Every month should be Cybersecurity Awareness Month!

CyberSecurity Insiders

OCTOBER 26, 2021

While October is famous for National Cybersecurity Awareness Month , and we provide resources and recommendations for our customers, really every month should focus on this business-critical topic. Stories from the SOC. The most recent story is about detecting and remediating data exfiltration in our SOC for a customer.

Cybersecurity

Cybersecurity Threat Detection Energy and Utilities Ransomware

Is Love Better than Passion in Business & Cybersecurity?

Jane Frankland

FEBRUARY 14, 2024

And as I dive into this debate with you, I’m going to explore how nurturing a culture of love—where dedication, empathy, and connection thrive—can lead to more sustained and fulfilling corporate success stories in our cybersecurity field. Examples and Case Studies Some of the most enduring business stories are marked by love.

Cybersecurity

Cybersecurity Authentication Marketing Accountability

WTH is Modern SOC, Part 1

Anton on Security

DECEMBER 8, 2023

In recent weeks, coincidentally, I’ve had several conversations that reminded me about the confusion related to “modern SOC.” It is tempting to point at that approach, as we did in our original ASO paper , as the best model for modern “SOC” (even if you don’t want to call it “a SOC”, because the letter “O” is not truly relevant anymore).

Engineering

Engineering Phishing

Safer Internet Day, or why Brad Pitt needed an internet bodyguard

Malwarebytes

FEBRUARY 6, 2024

When I was asked to write about the topic, I misunderstood the question and heard: “can you cover save the internet” and we all agreed that it might be too late for that. While we laughed about it, it made me think. But in our defense, criminals have gotten a lot better at convincing us to do the “wrong” things.

Internet

Internet Internet Media Artificial Intelligence

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

The Last Watchdog

MAY 30, 2022

Better still, cybersecurity jobs offer the individuals who have served our country a fulfilling career. While veterans are well-suited to transition into cybersecurity, there is often a disconnect when raising awareness about these opportunities and outlining paths to entry.

Cybersecurity

Cybersecurity InfoSec Education Cyber threats

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

APRIL 30, 2023

I spoke at length with Ravi Srivatsav and Venkat Thummisi of InsideOut Defense , and separately with Venkat Raghavan , founder and CEO of Stack Identity, all about reconstituting IAM. about the role of advanced wearable authentication devices, going forward. And thus they are destined to endure as our primary user interface.

Mobile

Mobile Cloud Migration Penetration Testing Authentication

A compelling story

Cisco Security

JUNE 13, 2022

In cyber security, we are used to two types of stories. The first story is common for reports written by humans. The second story comes from machine detections. It is much terser in content and sometimes leaves us scratching our heads. Instead, they attempt to seek the first story type. The challenge.

DNS

DNS Engineering Authentication Malware

"Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06

Malwarebytes

MARCH 13, 2023

By just a few messages later, "Thomas Smith" had run off, refusing to respond to Holmes' follow-up requests about what body part she fancied, along with her preferred seasoning (paprika). And, there's the story of the fake Brad Pitt: " My favorite story is Brad Pitt and the the dead tumble dryer repairman. I'm not weird lol."

Scams

Scams Malware Accountability Cybersecurity

Hacking IoT Security with Aaron Guzman

Security Boulevard

AUGUST 30, 2021

Information security is no longer staying on our laptops and in our browsers. As our devices become increasingly interconnected too, we have to start thinking about the security of our IoT devices. We talk about the business, people, products, and culture of technology?—?with with a security twist.

IoT

IoT Hacking Education Technology

Kali Linux 2024.1 Release (Micro Mirror)

Kali Linux

FEBRUARY 27, 2024

As this is our the first release of the year, it does include new visual elements! Along with this we also have some exciting new mirrors to talk about, and of course some package changes - both new tools and upgrades to existing ones. Here’s the story. Hello 2024! Today we are unveiling Kali Linux 2024.1.

Software

Software Firmware VPN Internet

"Pwned", the Book, is Finally Here!

Happy 14th Birthday, KrebsOnSecurity!

Trending Sources

Our Security of AI Papers and Blogs Explained

Smashing Security podcast #364: Bing pop-up wars, and the British Library ransomware scandal

Weekly Update 289

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Pwned - The Collected Blog Posts of Troy Hunt (Preview)

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Beyond Pleasantries: Understanding Kindness vs. Niceness

Snowden Ten Years Later

Chinese Supply-Chain Attack on Computer Systems

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

New Zealand Election Fraud

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Weekly Update 357

New Paper: “Securing AI: Similar or Different?“

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

AppSec Is A Mess. Our Kids Are Paying The Price.

Threat-informed or Threat-owned? Classic Practices Will Probably Save You!

The Unyielding Call to Invest in Women on International Women’s Day

Juniper Support Portal Exposed Customer Device Info

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Wanted: Disgruntled Employees to Deploy Ransomware

Dealing with stress, burnout and mental health

More Attacks against Computer Automatic Update Systems

“Better OKRs Through Threat Modeling”

Episode 242: Hacking the Farm (and John Deere) with Sick Codes

Improvise, Adapt, Overcome: Building Security Resilience in a World of Uncertainty

Our Security of AI Papers and Blogs Explained

The Asset Trap

import alignment: A Library-based Approach to AI Alignment

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Philanthropy Spotlight: Tech Day of Pink Founder Michael W. Smith

A Closer Look at the Snatch Data Ransom Group

Every month should be Cybersecurity Awareness Month!

Is Love Better than Passion in Business & Cybersecurity?

WTH is Modern SOC, Part 1

Safer Internet Day, or why Brad Pitt needed an internet bodyguard

GUEST ESSAY: A Memorial Day call to upskill more veterans for in-demand cybersecurity roles

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

A compelling story

"Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06

Hacking IoT Security with Aaron Guzman

Kali Linux 2024.1 Release (Micro Mirror)

Stay Connected