February, 2022

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Schneier on Security

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so.

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Weekly Update 281

Troy Hunt

I feel like perfect audio remains an unsolved problem for me.

236
236

Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not

Joseph Steinberg

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Could That QR Code Actually Be a Phishing Attack?

Lohrman on Security

The FBI recently warned consumers that some QR codes can lead to fraud and steal victim funds if scanned into smartphones. Let’s explore this growing trend

GUEST ESSAY – A primer on ‘WAAP’ – an approach to securing APIs at the web app layer

The Last Watchdog

One could make the argument that Application Programming Interfaces — APIs – are a vital cornerstone of digital transformation. Related: How a dynamic WAF can help protect SMBs. APIs interconnect the underlying components of modern digital services in a very flexible, open way. This has resulted in astounding innovations in cloud services, mobile computing, IoT systems and agile software development.

More Trending

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it?

I Wanna Go Fast: How Many Pwned Password Queries Can You Make Per Second?

Troy Hunt

I feel the need, the need for speed. Faster, Faster, until the thrill of speed overcomes the fear of death. If you're in control, you're not going fast enough. And so on and so forth.

The Irony of InfoSec’s Reaction to Crytpo, NFTs, and Web3

Daniel Miessler

There’s something strange about how our InfoSec community is reacting to cryptocurrency, NFTs, and Web3. Mostly, it’s horribly negative. And not dispassionate negative either—but a negativity soaked in ridicule and hate.

Planning for a Nation-State Cyber Attack — Are You Ready?

Lohrman on Security

Some global experts are predicting a significant cyber attack against U.S. and UK critical infrastructure if Russia invades Ukraine. Whether it happens or not, is your organization prepared for this scenario?

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Anton and The Great XDR Debate, Part 3

Anton on Security

TLDR: no, this post still does not contain the Ultimate Answer for XDR, Life and Everything Question. Moreover, I don’t think anything ever will. While we discuss XDR , the market forces change the definitions, vendors pivot away, analysts ponder, customers cry… well, the cyber-usual.

Bypassing Apple’s AirTag Security

Schneier on Security

A Berlin-based company has developed an AirTag clone that bypasses Apple’s anti-stalker security systems. Source code for these AirTag clones is available online. So now we have several problems with the system. Apple’s anti-stalker security only works with iPhones.

Russia Sanctions May Spark Escalating Cyber Conflict

Krebs on Security

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine.

Weekly Update 284

Troy Hunt

A little late this week as the tail end of travel bites into my time, but it's nice to be home again (albeit amidst a period of record rainfall).

Mobile 189

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

The Last Watchdog

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? Related: How IAM authenticates users. Here are a few important issues that relate to the changes in today’s working environment. Reduce manual processes. Automation can help get rid of manual processes. Every company has a certain employee turnaround, and how they handle it can directly affect their bottom line.

CISO 150

California’s Cybersecurity Chief Shares Priorities and Plans

Lohrman on Security

Vitaliy Panych, the California chief information security officer, discusses cyber defenses and government strategic plans, plus his his career and tech priorities.

Who Does What In Cloud Threat Detection?

Anton on Security

This post is a somewhat random exploration of the cloud shared responsibility model relationship to cloud threat detection. Funny enough, some popular shared responsibility model visuals don’t even include detection, response or security operations. Mildly embarrassing, that.

Secret CIA Data Collection Program

Schneier on Security

Two US Senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans. The senator’s statement. Some declassified information from the CIA. No real details yet

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Red Cross Hack Linked to Iranian Influence Operation?

Krebs on Security

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group.

Weekly Update 283

Troy Hunt

A super quick intro this week as I take a bit of time out before a hectic week. It's hotel room quality audio this week, but that's a temporary state before I'm back home next week. I hope you entry week 283, so much FUD to debunk on website identity verification.

GUEST ESSAY: Can Apple’s pricey ‘Business Essentials’ truly help SMBs secure their endpoints?

The Last Watchdog

Today’s operating system battleground has long been defined by the warfare between the top three players—Microsoft’s Windows, Google’s Android, and Apple’s iOS. Related: Co ok vs. Zuckerberg on privacy. While each of them has its distinguishing features, Apple’s privacy and security are what makes it the typical enterprise’s pick.

Free CyberSecurity Advice For Journalists In Ukraine

Joseph Steinberg

For Journalists In Ukraine: I am happy to discuss cyber safety with you – at no cost to you. If you would like to speak with me, please either contact me via my website or message me on social media. Stay safe! Joseph.

Google Cybersecurity Action Team Threat Horizons Report #2 Is Out!

Anton on Security

This is my completely informal, uncertified, unreviewed and otherwise unofficial blog inspired by my reading of our second Threat Horizons Report ( full version , short version ) that we just released ( the official blog for #1 is here ). Google Cybersecurity Action Team My favorite quotes follow below: “Threat actors have been known to use tools native to the Cloud environment rather than downloading custom malware or scripts to avoid detection.

An Elaborate Employment Con in the Internet Age

Schneier on Security

The story is an old one, but the tech gives it a bunch of new twists : Gemma Brett, a 27-year-old designer from west London, had only been working at Madbird for two weeks when she spotted something strange.

IRS To Ditch Biometric Requirement for Online Access

Krebs on Security

The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency’s website.

Weekly Update 282

Troy Hunt

Just listening back to this now, I'm really happy with the Focusrite Scarlett Solo DAC that has replaced the old setup. Super simple, one of the cheapest of all the options and just works! Good times.

170
170

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. In effect, my passwords are now “keys” — and I must authenticate across many accounts, multiple times per day, on a variety of device platforms.

Shift Left API Security Testing: The Manual API Testing Process

CyberSecurity Insiders

By Matt Tesauro, Noname Security. As the number and complexity of APIs continue to grow, companies face increasing challenges when securing their APIs. The dilemmas facing companies I’ve worked at include: Not enough security team members know how to test APIs.

Aeris Adds AI Capability to Secure IoT Platforms

Security Boulevard

Aeris today updated a cloud service that leverages machine learning and other forms of artificial intelligence to secure internet of things (IoT) platforms connected via cellular networks.

IoT 114

The EARN IT Act Is Back

Schneier on Security

Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen. Richard Blumenthal (D-CT) and Sen.

IRS: Selfies Now Optional, Biometric Data to Be Deleted

Krebs on Security

The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov.

How Everything We're Told About Website Identity Assurance is Wrong

Troy Hunt

I have a vehement dislike for misleading advertising. We see it every day; weight loss pills, make money fast schemes and if you travel in the same circles I do, claims that extended validation (EV) certificates actually do something useful: Why are you still claiming this @digicert ?

GUEST ESSAY: Successful tactics threat actors leverage to probe, compromise vulnerable networks

The Last Watchdog

When new vulnerabilities re announced or flaws are discovered in public or “off the shelf” applications, several things happen. News spreads of the risks while attackers and security professionals alike begin searching for potential attack targets for the purpose of exploiting or protecting them. Related: How GraphQLs expanded the attack surface. When Log4Shell first hit the street, we immediately saw attacks against almost every one of our customers.