Troy Hunt
DECEMBER 13, 2017
Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy?
Schneier on Security
DECEMBER 15, 2017
Interesting research : The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind of movements they make.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
DECEMBER 5, 2017
The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol.
Dark Reading
DECEMBER 18, 2017
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Thales Cloud Protection & Licensing
DECEMBER 20, 2017
Thanks to heightened consumer confidence, a rise in proximity payments adoption and ongoing developments in biometrics, the payments industry continued to undergo digital transformation throughout 2017. We’re now seeing big data play an increasing role in how retail sales and payments are being tailored to individual consumer’s preferences, and providers are adopting and integrating smarter, more efficient ways of completing the path-to-purchase.
Threatpost
DECEMBER 27, 2017
Ancestry.com closes parts of its community-driven genealogy site RootsWeb as it investigates a leaky server that exposed thousands of passwords, email addresses and usernames to the public internet.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
DECEMBER 1, 2017
A Turkish Airlines flight made an emergency landing because someone named his wireless network (presumably from his smartphone) "bomb on board.". In 2006, I wrote an essay titled " Refuse to be Terrorized." (I am also reminded of my 2007 essay, " The War on the Unexpected." A decade later, it seems that the frequency of incidents like the one above is less, although not zero.
WIRED Threat Level
DECEMBER 1, 2017
The Justice Department has struck a plea deal with Nghia Hoang Pho, a programmer in the NSA's elite operations unit, for taking his highly classified work home with him.
Dark Reading
DECEMBER 19, 2017
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.
Thales Cloud Protection & Licensing
DECEMBER 19, 2017
As 2017 draws to a close, the trends and innovations that will shape the technology industry over the coming weeks, months and years were brought into sharper focus over the course of the last twelve months. Cloud computing has gone mainstream for many enterprises, and the Internet of Things (IoT) is changing how both industrial and consumer-oriented companies do business.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
eSecurity Planet
DECEMBER 20, 2017
The information, from data analytics firm Alteryx, was in an Amazon S3 bucket configured to provide any AWS user with access.
Troy Hunt
DECEMBER 20, 2017
This week, I've been writing up my 5-part guide on "Fixing Data Breaches" On Monday I talked about the value of education ; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach , namely by collecting a lot less data in the first place then recognising that it belongs to the person who provided it and treating with the appropriate respect.
Schneier on Security
DECEMBER 12, 2017
Last month, the DHS announced that it was able to remotely hack a Boeing 757: "We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration," said Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate. "[Which] means I didn't have anybody touching the airplane, I didn't have an insider threat.
WIRED Threat Level
DECEMBER 9, 2017
In an age of nonstop breaches and hacks, here are ways to improve your online security based on your level of risk, from average user to NSA contractor.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Dark Reading
DECEMBER 5, 2017
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.
Thales Cloud Protection & Licensing
DECEMBER 11, 2017
A couple weeks ago I attended yet another successful AWS Re:Invent conference. For those of you that don’t already know, AWS Re:Invent is Amazon Web Services premier cloud conference for customers, partners, and industry professionals. There was a noticeable increase in attendance at this year’s show, and keynote presentations from AWS’ CEO Andy Jassy and Amazon.com’s VP & CTO Werner Vogels did not disappoint.
Threatpost
DECEMBER 28, 2017
Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public.
Troy Hunt
DECEMBER 12, 2017
I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it that should worry the masses and the one piece that suggests it's vulnerable has been pretty thoroughly debunked by Dan Goodin at Ars Technica.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Schneier on Security
DECEMBER 14, 2017
Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I don't see it replacing any of the good security guides out there, but instead augmenting them.
WIRED Threat Level
DECEMBER 13, 2017
The DDoS attack that crippled the internet last fall wasn't the work of a nation-state. It was three college kids working a *Minecraft* hustle.
Dark Reading
DECEMBER 15, 2017
The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.
Thales Cloud Protection & Licensing
DECEMBER 21, 2017
The nonprofit GDI Foundation has tracked close to 175,000 examples of misconfigured software and services on the cloud this year. As more and more organizations are moving to the cloud, the number of leaky servers is increasing. We have seen several AWS data leaks this year – from Booz Allen Hamilton to the WWE – that have left millions of private records exposed.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
eSecurity Planet
DECEMBER 29, 2017
As we inch closer to the end of the year, all brands have their eyes on the evolving marketing trends for 2018. To prepare, teams often start by brainstorming answers. The post The One Content Trend Essential to a Marketing Strategy in 2018 appeared first on Kapost Content Marketing Blog.
Troy Hunt
DECEMBER 28, 2017
It's Xmas! Well, it was Xmas but I (and hopefully you too) am still in that Xmas period haze where it's hard to tell one day from the next. Apparently, it's also hard to remember to hit record before talking about this week's updates so yeah, good one Troy! But I did eventually record a full update and in an otherwise slow news week, I thought I'd talk a little bit about Xmas down under in Australia.
Schneier on Security
DECEMBER 4, 2017
I agree with Lorenzo Franceschi-Bicchierai, " Cryptocurrencies aren't 'crypto' ": Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word "crypto" as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word "cryptocurrency" -- which probably shouldn't even be called "currency," by the way. [.].
WIRED Threat Level
DECEMBER 1, 2017
Further analysis of North Korea's latest ICBM launch shows that the country can likely land a nuclear weapon anywhere in the continental United States.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Dark Reading
DECEMBER 6, 2017
Updated version includes changes to some existing guidelines - and adds some new ones.
Threatpost
DECEMBER 14, 2017
A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network. .
eSecurity Planet
DECEMBER 1, 2017
The data is unusually sensitive, including full credit card and bank account numbers as well as images of Social Security cards and driver's licenses.
Troy Hunt
DECEMBER 19, 2017
Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about prevention rather than cure. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed?
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
275 
Let's personalize your content