January, 2022

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before.

IRS Will Soon Require Selfies for Online Access

Krebs on Security

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data.

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Schneier on Security

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!”

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of…

Anton on Security

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF].

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

More Trending

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency.

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Joseph Steinberg

Zero Trust. A seemingly simple term that appears in pitches sent to me several times a day by cybersecurity product and services vendors that are seeking media exposure.

China’s Olympics App Is Horribly Insecure

Schneier on Security

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.

Left of SIEM? Right of SIEM? Get It Right!

Anton on Security

This post is perhaps a little basic for true SIEM literati, but it covers an interesting idea about SIEM’s role in today’s security. I suspect that this topic will become even more fascinating in light of the appearance of XDR ?—?but

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Will the Ukraine Conflict Lead to More Global Cyber Attacks?

Lohrman on Security

Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?

Weekly Update 279

Troy Hunt

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I should speak about the one that frankly, upset me, but I felt it would be somewhat disingenuous not to.

Retail 204

Norton 360 Now Comes With a Cryptominer

Krebs on Security

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers.

The FBI Warns About A Google Voice Scam That Is Not New, But Still Finding Plenty Of Victims

Joseph Steinberg

The FBI recently warned the public that many people are still falling prey to a Google Voice scam that the FTC warned about months ago. Here is what you need to know to keep yourself safe: What is the common Google Voice scam about which the FBI warned?

Scams 208

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

San Francisco Police Illegally Spying on Protesters

Schneier on Security

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests.

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

Cyber threats continue to gain momentum and there are still not enough ways to counter it. Related: Why the ‘Golden Age’ of cyber espionage is upon us. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.

20 Years of SIEM: Celebrating My Dubious Anniversary

Anton on Security

20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course.

Weekly Update 278

Troy Hunt

I recorded this a week after Charlotte appeared with me, fresh out of isolation with a negative COVID test. However. 9 year old Elle had tested positive on Monday (albeit entirely symptomatic, so no idea how long she'd been positive) but hey, hopefully she'd be clear today.

177
177

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

The Russian government said today it arrested 14 people accused of working for “ REvil ,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.

Chip Implants: Opportunities, Concerns and What Could Be Next

Lohrman on Security

There were new developments in 2021 regarding implanting microchips into humans. So what plans were announced for 2022? And just as important, what are the privacy and security ramifications

176
176

Tracking Secret German Organizations with Apple AirTags

Schneier on Security

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency.

GUEST ESSAY: Data breaches across the globe slowed significantly in Q4 2021 versus Q1-Q3

The Last Watchdog

After a gloomy start with its first three breach intensive quarters, 2021 has finally ended, and on a positive note. Related: Cybersecurity experts reflect on 2021. This conclusion is derived from an analysis of data taken from our data breach detection tool, Surfshark Alert , which comprises publicly available breached data sets to inform our users of potential threats.

Cyber Security Expert Joseph Steinberg To Serve On Newsweek Expert Forum In 2022

Joseph Steinberg

Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum last year, will continue serving as a member throughout 2022.

Introducing Cisco Responsible AI – Enhancing Technology Transparency and Customer Trust

Cisco Retail

Artificial Intelligence (AI) is increasingly part of our everyday lives, and this transformation requires a thoughtful approach to innovation.

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

Most Popular Cybersecurity Blog Posts from 2021

Lohrman on Security

What were the top government security blog posts in 2021? These metrics tell us what cybersecurity and technology infrastructure topics were most popular in the past year

People Are Increasingly Choosing Private Web Search

Schneier on Security

DuckDuckGo has had a banner year : And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% jump over 2020 (23.6 billion). That’s big.

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. Related: ‘SASE’ framework extends security to the network edge. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022. This is so because a confluence of developments in 2021 has put API security in the spotlight, where it needs to be.

How CyberSecurity Technology Companies Can Stand Out In A Crowded Field

Joseph Steinberg

Top cybersecurity influencer, Joseph Steinberg, was recently interviewed by Bob Geller, President of Fusion PR, as part of the latter’s series of monthly interviews of influential people in the world of public relations.

North Korean Hackers Using Windows Update Service to Infect PCs with Malware

The Hacker News

The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives.

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language.

What’s Really the Reason Behind ‘The Great Resignation’?

Lohrman on Security

People changed jobs in record numbers in 2021, and 2022 is projected to bring more of the same. So what’s behind these trends? Let’s explore with the results of a new study from PlanBeyond.

146
146

Are Fake COVID Testing Sites Harvesting Data?

Schneier on Security

Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results.