December, 2017


I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy?

Banking 279

Tracking People Without GPS

Schneier on Security

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind of movements they make.


Cryptojacking Has Gotten Out of Control

WIRED Threat Level

The practice of using a website visitor's device to mine cryptocurrency has expanded—and evolved—at an alarming rate.


Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-of-Things devices. At its peak in September 2016, Mirai temporarily crippled several high-profile services such as OVH, Dyn, and

IoT 107

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Top 8 Cybersecurity Skills IT Pros Need in 2018

Dark Reading

Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.


Cloud Leaks Continue: 123 Million U.S. Households' Personal Information Exposed Online

eSecurity Planet

The information, from data analytics firm Alteryx, was in an Amazon S3 bucket configured to provide any AWS user with access.

98


More Trending


Needless Panic Over a Wi-Fi Network Name

Schneier on Security

A Turkish Airlines flight made an emergency landing because someone named his wireless network (presumably from his smartphone) "bomb on board." In 2006, I wrote an essay titled "Refuse to be Terrorized." (I am also reminded of my 2007 essay, "The War on the Unexpected.") A decade later, it seems that the frequency of incidents like the one above is less, although not zero.

Wireless 241

Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet

WIRED Threat Level

Researchers found that network configuration errors have left thousands of high-end speakers open to epic audio pranking.

Internet 111

2018 Predictions – Rise of IoT adoption will increase cybersecurity attacks

Thales Cloud Protection & Licensing

An unfortunate occurrence over the past few years has been that data breaches just keep getting bigger and impacting more people. This year, Equifax, Verizon, Wonga, Bell Canada and Hipchat were just a few of the companies that suffered from successful cyberattacks or leaks that resulted in sensitive data getting compromised. Even intelligence agencies such as the CIA and NSA are getting hit with data leaks – reaffirming that no one person or company can avoid the possibility that their data get

IoT 89

NIST Releases New Cybersecurity Framework Draft

Dark Reading

Updated version includes changes to some existing guidelines - and adds some new ones.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


84 Percent of U.S. Healthcare Providers Have No Cyber Security Leader

eSecurity Planet

And just 11 percent plan to add one in the coming year.


Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

This week, I've been writing up my 5-part guide on "Fixing Data Breaches". On Monday I talked about the value of education; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach, namely by collecting a lot less data in the first place then recognising that it belongs to the person who provided it and treating it with the appropriate respect.


"Santa Claus is Coming to Town" Parody

Schneier on Security

Funny.


Snowden-Backed App 'Haven' Turns Your Phone Into a Home Security System

WIRED Threat Level

The NSA leaker's latest project aims to secure your computer—and you—from not just digital but physical attacks.

112

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Code Used in Zero Day Huawei Router Attack Made Public

Threatpost

Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public.

IoT 85

How Good Privacy Practices Help Protect Your Company Brand

Dark Reading

Follow these five guidelines to keep your organization's data protected.

77

Almost a Third of All U.S. Businesses Were Breached in 2017

eSecurity Planet

And almost half of those breaches were caused by a third-party vendor or contractor.

88

Fixing Data Breaches Part 1: Education

Troy Hunt

We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them about the problem. My full written testimony is in that link and it talks about many of the issues we face today and the impact data breaches have on identity verification.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Security Planner

Schneier on Security

Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I don't see it replacing any of the good security guides out there, but instead augmenting them.

227

MobileCoin: A New Cryptocurrency From Signal Creator Moxie Marlinspike

WIRED Threat Level

MobileCoin aims to make cryptocurrency transactions quick and easy for everyone, while still preserving privacy and decentralization.


Leaky RootsWeb Server Exposes Some Ancestry.com User Data

Threatpost

Ancestry.com closes parts of its community-driven genealogy site RootsWeb as it investigates a leaky server that exposed thousands of passwords, email addresses and usernames to the public internet.


Malware Decompiler Tool Goes Open Source

Dark Reading

Avast's RetDec machine-code decompiler now available for free on Github.

Malware 77

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Cloud Insecurity: Tens of Thousands of Full Credit Histories Exposed in Amazon S3 Bucket

eSecurity Planet

The data is unusually sensitive, including full credit card and bank account numbers as well as images of Social Security cards and driver's licenses.

Banking 84

Face ID Stinks

Troy Hunt

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it that should worry the masses and the one piece that suggests it's vulnerable has been pretty thoroughly debunked by Dan Goodin at Ars Technica.

202

The "Extended Random" Feature in the BSAFE Crypto Library

Schneier on Security

Matthew Green wrote a fascinating blog post about the NSA's efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA's backdoor into the DUAL_EC_PRNG random number generator to weaken TLS.

225

The Mirai Botnet Was Part of a College Student Minecraft Scheme

WIRED Threat Level

The DDoS attack that crippled the internet last fall wasn't the work of a nation-state. It was three college kids working a *Minecraft* hustle.

DDOS 112

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Protecting data for compliance and transformation

Thales Cloud Protection & Licensing

Until recently, it was nothing more than a buzzword bandied around across various industries. Now though, businesses everywhere are undergoing various forms of digital transformation as they look for ways to better interact with their end customers, whether consumer or corporate. Organisations are finding themselves under increasing pressure from their boards, all keen on moving their businesses forward technologically, to deliver the solutions and services they need to remain competitive in an


Microsoft Office Docs New Vessel for Loki Malware

Dark Reading

Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.

Malware 76

How Google Encrypts Data in the Cloud

eSecurity Planet

Google details its Application Layer Transport Security approach for securing data inside the cloud.


Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about prevention rather than cure. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed?


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.