Troy Hunt

MAY 29, 2018

Back in August, I pushed out a service as part of Have I Been Pwned (HIBP) to help organisations block bad passwords from their online things. I called it "Pwned Passwords" and released 320M of them from real-world data breaches via both a downloadable file and an online service. This was in response to NIST's Digital Identity Guidelines and in particular, the following recommendation: When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospec

Passwords 267

Passwords Accountability Data breaches Password Management 267

Schneier on Security

MAY 31, 2018

Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements.

Scams 263

Scams Marketing Government Cyber Attacks 263

WIRED Threat Level

MAY 15, 2018

Special Counsel Robert Mueller’s job is to make sense of how Russia hacked the 2016 election. But to make sense of Mueller, you have to revisit some of the bloodiest battles of Vietnam.

Hacking 112

Hacking 112

Lenny Zeltser

MAY 7, 2018

This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations. Determine your write-up’s objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives.

Technology 111

Technology 111

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

eSecurity Planet

MAY 2, 2018

Your company's website does not have to be the next victim of a SQL injection breach. Here's how to prevent SQL injection attacks.

111

111

Elie

MAY 30, 2018

This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs. , which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.

Accountability 107

Accountability Artificial Intelligence Engineering Retail 107

Schneier on Security

MAY 2, 2018

This is interesting: Creating these defenses is the goal of NIST's lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant electrical power and use circuitry far more limited than the chips found in even the simplest cell phone.

IoT 235

IoT Encryption 235

WIRED Threat Level

MAY 3, 2018

On World Password Day, Twitter discloses a major gaffe that left user passwords potentially vulnerable.

Passwords 111

Passwords 111

Dark Reading

MAY 17, 2018

Another widespread worm attack is "inevitable," but spreading a different more lucrative or destructive payload, experts say.

95

95

Thales Cloud Protection & Licensing

MAY 10, 2018

In past years’ Thales Data Threat Reports, we asked IT security pros around the world separate questions about whom they believed were the riskiest internal threats and external threats. The results were useful but didn’t allow us to compare which category proved most worrisome. This year, we restructured the two separate questions into a single one, and that gave us some very interesting results about who worries these IT security professionals the most.

Threat Reports 76

Threat Reports Data breaches Network Security 76

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Elie

MAY 30, 2018

This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs. , which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.

Accountability 91

Accountability Artificial Intelligence Engineering Retail 91

Troy Hunt

MAY 31, 2018

I've been at the AusCERT conference this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: Off to #AusCERT2018 ! It’s all blue outside today, what an awesome day for a short walk from home ??

Information Security 175

Information Security Data breaches Hacking 175

Schneier on Security

MAY 14, 2018

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails.

Encryption 216

Encryption Backups Accountability Software 216

WIRED Threat Level

MAY 28, 2018

We mined roughly 13 Bitcoins and then ripped up our private key. We were stupid—but not alone.

111

111

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Dark Reading

MAY 29, 2018

One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.

91

91

eSecurity Planet

MAY 7, 2018

Using SQL injection, hackers can wreak havoc on databases and data-driven applications. Fortunately, there are ways to reduce SQL injection risk.

Risk 73

Risk 73

Lenny Zeltser

MAY 21, 2018

When cybersecurity professionals communicate with regular, non-technical people about IT and security, they often use language that virtually guarantees that the message will be ignored or misunderstood. This is often a problem for information security and privacy policies, which are written by subject-matter experts for people who lack the expertise.

Cybersecurity 70

Cybersecurity Information Security 70

Troy Hunt

MAY 17, 2018

We're on a beach! It's the day after 3 pretty intense days of NDC conference and the day before Scott heads back to the UK so beach was an easy decision. The conference went fantastically well and, in all honesty, was the most enjoyable workshop I think I've done out of ~50 of them these last few years. NDC will be back on the Gold Coast next yet, plus of course it will be in Oslo in a few weeks' time then Sydney in September where we'll both do it all again.

165

165

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

MAY 15, 2018

Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant.

Artificial Intelligence 203

Artificial Intelligence Technology 203

WIRED Threat Level

MAY 2, 2018

The troubled data firm, which improperly accessed the data of up to 87 million Facebook users, has ceased operations.

110

110

Dark Reading

MAY 24, 2018

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

Data breaches 89

Data breaches 89

eSecurity Planet

MAY 17, 2018

Our guide to the top managed security service providers (MSSPs), based on their ratings in analyst reports the Gartner Magic Quadrant and the IDC MarketScape Vendor Assessment.

72

72

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Thales Cloud Protection & Licensing

MAY 29, 2018

According to Thales eSecurity’s latest Data Threat Report, European Edition , almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. It’s no surprise feelings of vulnerability are high, with just 8 per cent of businesses not feeling at risk.

Data breaches 70

Data breaches Risk Education Cybercrime 70

Troy Hunt

MAY 1, 2018

The more time that goes by and the more deeply I give it thought, the more convinced I am that the web is held together with sticky tape. No - cyber-sticky tape! Because especially when it comes to security, there are fundamental and inherent shortcomings in everything from HTTP to HTML and many of the other acronyms that make the web work as it does today.

Government 154

Government 154

Schneier on Security

MAY 14, 2018

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote : We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.

Encryption 202

Encryption 202

WIRED Threat Level

MAY 23, 2018

Cisco researchers discover a new router malware outbreak that might also be the next cyberwar attack in Ukraine.

Malware 110

Malware 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

MAY 17, 2018

Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.

Authentication 86

Authentication 86

eSecurity Planet

MAY 29, 2018

As cloud computing moves to the edge of network, organizations will face new security challenges.

68

68

Threatpost

MAY 10, 2018

The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns.

Ransomware 67

Ransomware Malware Hacking 67

Troy Hunt

MAY 3, 2018

Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now. But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell who spends his life writing JS things.

154

154

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams