April, 2021

Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario

Daniel Miessler

Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security terminology. Casey also added that Acceptable Risk would be being willing to get punched in the face.

Leaving WhatsApp – Treating the Symptom, Not the Cause

Javvad Malik

A few months ago, many people were riled up over the proposed updates to WhatsApp's terms and conditions. The popular messaging service, which was acquired by Facebook in 2014 for $16bn, was apparently updating its Ts and Cs, which users had to either accept or choose to leave.

What Are You NOT Detecting?

Anton on Security

What are you not detecting? OK, what threats are you NOT detecting? Still didn’t help? What I mean here is: are you thinking about these: Threats that you don’t need to detect due to your risk profile, your threat assessment, etc. Threats that you do need to detect, but don’t know how. Threats that you do need to detect and know how, but cannot operationally (e.g. your SIEM will crash if you inject all the cloud logs). Threats that you do need to detect and know how, but do not (yet?)

LinkedIn Email Subjects Remain The Top-Clicked Social Media Phishing Scams in 2021

Hot for Security

A recent study analyzing the most effective social media phishing scams shows that LinkedIn-related emails were among the most successful entry points in the first quarter of 2021.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speakers: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security; Matt Doka, Co-Founder and CTO of Fivestars; and Steve Andrews, President & CEO of the Western Bankers Association

In this webinar, a panel of speakers will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and how they can get you to market much sooner by also allowing for payment optimization. They'll share how to grow your business faster and minimize costs for both security and compliance.

6 Most Common Web Security Vulnerabilities (And How To Tackle Them)

As a business, your website is your online headquarters. A security breach on your website is equal to someone breaking into your office and stealing your business records and information about your customers.

Passwordstate password manager hacked in supply chain attack

Bleeping Computer

Click Studios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks. […]

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

Troy Hunt

The headline is pretty self-explanatory so in the interest of time, let me just jump directly into the details of how this all works.

Experian API Exposed Credit Scores of Most Americans

Krebs on Security

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned.

Ransomware: 8 Things That You Must Know

Joseph Steinberg

While ransomware may seem like a straightforward concept, people who are otherwise highly-knowledgeable seem to cite erroneous information about ransomware on a regular basis. As such, I would like to point out 8 essential points about ransomware.

The Grey Brick That Changed the World: The Nintendo Game Boy

Doctor Chaos

This week marked an important anniversary; Nintendo’s original Game Boy turned 31. The monochrome system, or more accurately a yellowish and 4 shades of grey system, may have been one of the most significant devices in the 20th century. The 8-bit system was released to the world on April 21st, 1989.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Adam Levin Discusses Facebook Data Leak on NPR

Adam Levin

Adam Levin spoke with NPR about the recent data archive of over 500 million Facebook accounts found on a hacking forum. “It’s serious when phone numbers are out there. The danger when you have phone numbers in particular is a universal identifier,” said Levin. Read the article here.

Backdoor Added — But Found — in PHP

Schneier on Security

Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits , with the subject “fix typo” and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users.

Welcoming the Romanian Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains.

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Five Interesting Israeli CyberSecurity Companies

Joseph Steinberg

Back in 2015 and 2017, I ran articles in Inc. about various innovative Israeli startups , in which I featured firms that I selected based on numerous discussions that I had had with tech-company CEOs and with journalists who cover the Israeli startup scene.

Idaho CISO Shares Experience from Public, Private Sectors

Lohrman on Security

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

The Last Watchdog

Google was absolutely right to initiate a big public push a couple of years ago to make HTTPS Transport Layer Security (TLS) a de facto standard. Related: Malicious activity plagues the cloud services. At the time, in the spring of 2018, only 25 percent of commercial websites used HTTPS; today adoption is at 98 percent and rising. Far beyond just protecting websites, TLS has proven to be a linchpin of network-level communications across the board. Guess who else has been leveraging TLS?

When AIs Start Hacking

Schneier on Security

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth.

Data Breaches, Class Actions and Ambulance Chasing

Troy Hunt

This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020.

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles.

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Joseph Steinberg

Poorly-designed processes and shoddy information-systems, coupled with a prevailing atmosphere of general mismanagement, have created a privacy nightmare for Americans being vaccinated against COVID-19; some of the problems being created now will likely still impact people many years after the pandemic ends.

Three Years In: An Update on the Georgia Cyber Center

Lohrman on Security

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

The Last Watchdog

Historically, consumers have had to rely on self-discipline to protect themselves online. Related: Privacy war: Apple vs. Facebook. I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual private networks, or VPNs, came along, providing a pretty nifty little tool that any individual could use to deflect invasive online tracking. Consumer-grade VPNs have steadily gained a large following.

Signal Adds Cryptocurrency Support

Schneier on Security

According to Wired , Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.”

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

Earlier this year, the FBI, in partnership with the Dutch National High Tech Crime Unit (NHTCU), the German Federal Criminal Police Office (BKA) and other international law enforcement agencies, brought down what Europol referred to as the world's most dangerous malware: Emotet.

Ubiquiti All But Confirms Breach Response Iniquity

Krebs on Security

How I pwned an ex-CISO and the Smashing Security Podcast

Javvad Malik

Disclaimer, this was a bit of fun with consent. But there are some worthwhile things to bear in mind. If you’re predictable, then criminals can take advantage of that.

NIST Releases Draft Guidance on Election Cybersecurity

Lohrman on Security

NEW TECH: DigiCert unveils ‘Automation Manager’ to help issue, secure digital certificates

The Last Watchdog

How do you bring a $9 billion-a-year, digitally-agile corporation to a grinding halt? Related: Why it’s vital to secure IoT. Ask Spotify. When the popular streaming audio service went offline globally, last August, we saw a glimpse of just how tenuous digital transformation sometimes can be. Someone reportedly forgot to renew Spotify’s TLS certificate. The outage lasted about an hour, until the certificate in question got renewed.

Wi-Fi Devices as Physical Object Sensors

Schneier on Security

The new 802.11bf standard will turn Wi-Fi devices into object sensors: In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals.

Weekly Update 238

Troy Hunt

"What a s**t week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media interviews.

Experian’s Credit Freeze Security is Still a Joke

Krebs on Security

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States.

What if We Made Paying Ransoms Illegal?

Daniel Miessler

I was on Twitter the other day and saw someone suggest that we could fix people paying ransoms by making it illegal for them to do so. I was a bit flippant with my response.

Post-Pandemic Tech Job Market: The Good, Bad and Ugly

Lohrman on Security

As we emerge from the worst pandemic in a century, many public- and private-sector employees and employers are reassessing their options within technology and cybersecurity roles.
