This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.
By almost any measure, the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here’s a roundup of the numbers.
Facebook — along with Instagram and WhatsApp — went down globally today. Basically, someone deleted their BGP records, which made their DNS fall apart. …at approximately 11:39 a.m. ET today (15:39 UTC), someone at Facebook caused an update to be made to the company’s Border Gateway Protocol (BGP) records. BGP is a mechanism by which Internet service providers of the world share information about which providers are responsible for routing Internet traffic to which specifi
We choose this photo for the cover because this was when it all started. 18-year old Troy, having just discovered the web in early 1995 and chomping at the bit to do something with it. The full tale of what I first did (and how disastrous it ultimately became), is up front early in the book so I won't relay it here, but it's quite the story.
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
My admittedly epic (but dated) post “Security Correlation Then and Now: A Sad Truth About SIEM” mentioned the issue of TRUST as it applies to SIEM. Specifically, as a bit of a throwaway comment, I said “people write stupid string-matching and regex-based content because they trust it. They do not?—?en masse?—?trust the event taxonomies if their lives and breach detections depend on it.
Our Public Key Infrastructure is booming but also under a strain that manual certificate management workflows are not keeping up with. Related: A primer on advanced digital signatures. PKI and digital certificates were pivotal in the formation of the commercial Internet, maturing in parallel with ecommerce. With digital transformation leading to a boom in the use of digital certificates, our bedrock authentication and encryption framework is at an inflection point, where the demand and adoption
U.S. federal investigators today raided the Florida offices of PAX Technology , a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations. FBI agents entering PAX Technology offices in Jacksonville today.
U.S. federal investigators today raided the Florida offices of PAX Technology , a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations. FBI agents entering PAX Technology offices in Jacksonville today.
Public- and private-sector organizations are facing staffing shortages, especially in technical positions. But don’t forget to take care of your current staff, who may be struggling with burnout.
Roger Grimes on why multifactor authentication isn’t a panacea : The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in. It turns out that the VP had approved over 10 different push-based messages for logins that he was not involved in.
A lot of cyber things this week: loads of data breach (or "scrape", In LinkedIn's case) incidents, Windows 11 upgrade experiences and then bricking my house courtesy of a Home Assistant update that fundamentally changed the Tuya integration. So pretty much "same, same but different" to every other week 🙂 References I've done another podcast with 1Password ("Crocodile Shower Privacy Settings with Troy Hunt" - yep!
Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Most of the people I know professionally and personally don’t spend a lot of time contemplating the true price we pay for the amazing digital services we’ve all become addicted to. Related: Blockchain’s role in the next industrial revolution. I’ll use myself as a prime example. My professional and social life revolve around free and inexpensive information feeds and digital tools supplied by Google, Microsoft, Amazon, LinkedIn, Facebook and Twitter.
A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.
The Cyber Incident Notification Act of 2021 would require reporting cyber incidents impacting critical infrastructure to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.
I feel sorry for the accused : The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday. American Airlines Flight 4817 from Indianapolis — operated by Republic Airways — made an emergency landing at LaGuardia just after 3 p.m., and authorities took a suspicious passen
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Lots of little bits and pieces this week in a later and shorter than usual update. See the references for all the details, but plenty of cyber, some IoT weather station discussion and a bit of chatter around career and me deciding I want to do a "Hack Your Career More" talk once we all get back to doing events in person. Stay tuned for that last one in particular!
When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home. Related: T-Mobile breach reflects rising mobile device attacks. For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.
Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The National Association of State Chief Information Officers (NASCIO) Annual Conference was held this past week as a live event in Seattle for the first time in two years. What happened, and what’s next?
Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures. Recent findings highlight this cluster’s extensive knowledge of telecommunications protocols, including the emulation of these protocols to facilitate command and control (C2
Well this is a totally different office view! I'm properly getting into working more on the acoustics and aesthetics to make this the most productive environment possible which means this week things are in a bit of disarray due to ongoing works. Speaking of disarray, I've not been able to raise this week's sponsor in time so as I say in the video, their appearance on my blog this week is a bit. unusual.
Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it's publicly available knowledge. That doesn't stop it from being dangerous.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Over the past five years, cryptocurrency exchanges have been the target of increasingly damaging “ 51% attacks ” resulting in the theft of over $30 million worth of cryptocurrency to date. Related: Wildland restores control of data to individuals. However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves.
The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity. In a long-overdue notice issued Sept. 30 , the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before
I’ve been thinking of the best way to write this post for several days. Many drafts have ended up being deleted. Which, to be honest, doesn’t have the same visual satisfaction as seeing pages crumpled up into balls and tossed across the room into the bin. But here we are. Last week, KnowBe4, OneLogin, and Eskenzi PR partnered up to attempt to set the Guinness World Record for the Most views of A Cybersecurity Lesson Video on YouTube in 24 hours.
It’s not actually banned in the EU yet — the legislative process is much more complicated than that — but it’s a step: a total ban on biometric mass surveillance. To respect “privacy and human dignity,” MEPs said that EU lawmakers should pass a permanent ban on the automated recognition of individuals in public spaces, saying citizens should only be monitored when suspected of a crime.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
I had a bunch of false starts with this one. I don't know if it was just OBS or something else, but we got there after several failed attempts and me resorting to reading Gov Parson's nutty tweets until it all started working. "Nutty" is a bit of a theme this week not just with the Gov, but particularly Thingiverse's extraordinarily poor handling of their data breach.
CIOs must prioritize the same business imperatives and find the IT force multipliers to enable growth and innovation, according to a Gartner analyst during Gartner's IT Symposium.
MITRE and CISA announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. The list was published with the intent of raising awareness of common hardware weaknesses through CWE and educating designers and programmers on how to address them as part of the pr
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
Let's personalize your content