Schneier on Security

AUGUST 25, 2021

Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.

Internet 363

Internet Internet Surveillance VPN 363

Troy Hunt

AUGUST 12, 2021

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path.

VPN 363

VPN 363

Krebs on Security

AUGUST 19, 2021

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363

Lohrman on Security

AUGUST 8, 2021

Exponential increases in global cyber crime. Ransomware crippling governments and businesses. Nations ignoring cyber criminals operating on their soil. The time for international cooperation on cybersecurity is now.

Government 324

Government Ransomware Cybersecurity 324

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Daniel Miessler

AUGUST 5, 2021

I’ve always been fascinated by security that was “just good enough” I think lots of security actually qualifies (see The News), but I think fencing (and maybe bike locks) take first prize. As a kid I used to love breaking into stuff. Nighttime construction sites. Abandoned buildings. Whatever. And the older I got the more I started paying attention to how silly most fences are.

Software 289

Software Risk Information Security 289

Anton on Security

AUGUST 30, 2021

As you are reading our recent paper “Autonomic Security Operations?—?10X Transformation of the Security Operations Center” , some of you may think “Hey, marketing inserted that 10X thing in there.” Well, 10X thinking is, in fact, an ancient tradition here at Google. We think that it is definitely possible to apply “10X thinking” to many areas of security (at the same link , they say that sometimes it is “easier to make something 10 times better than it is to make it 10 percent better” ).

Engineering 273

Engineering Marketing Education Threat Detection 273

Troy Hunt

AUGUST 9, 2021

Today I'm very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber ​​Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains. Providing governments with greater visibility into the impact of data breaches on their staff helps protect against all manner of online attacks.

Government 363

Government Data breaches 363

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

Cryptocurrency 362

Cryptocurrency Malware Mobile Accountability 362

Lohrman on Security

AUGUST 15, 2021

Email tips abound, but lasting email etiquette is severely lacking at home and work in 2021.

284

284

Joseph Steinberg

AUGUST 5, 2021

(I co-wrote this article with Mark Lynd , CISSP, ISSAP & ISSMP, Head of Digital Business at NETSYNC.). While leveraging cyber-liability insurance has become an essential component of cyber-risk mitigation strategy, cyber-liability offerings are still relatively new, and, as a result, many parties seeking to obtain coverage are still unaware of many important factors requiring consideration when selecting a policy.

Insurance 258

Insurance Cyber Insurance Artificial Intelligence Ransomware 258

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

The Last Watchdog

AUGUST 19, 2021

TMobile has now issued a formal apology and offered free identity theft recovery services to nearly 48 million customers for whom the telecom giant failed to protect their sensitive personal information. At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Related: Kaseya hack worsens supply chain risk.

Mobile 235

Mobile Data breaches Authentication Accountability 235

Schneier on Security

AUGUST 19, 2021

It’s a big one : As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social security numbers , driver’s license information, and IMEI numbers , unique identifiers tied to each mobile device.

Mobile 363

Mobile Data breaches Phishing Cybercrime 363

Troy Hunt

AUGUST 18, 2021

Today I'm really excited to announce a big piece of work 1Password and I have been focusing on this year, a totally free video series called "Hello CISO" This is a multi-part series that launched with part 1 and when I say "free", I don't mean "give us your personal data so we can market to you", I mean here it is, properly free: This is intended to be a very practical, broadly accessible series and whilst it has "CISO" in the title, we expect it'll

CISO 72

CISO InfoSec Mobile Marketing 72

Krebs on Security

AUGUST 9, 2021

I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com ,” wrote “ Mitch ,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.” Th

Phishing 362

Phishing Cybercrime Accountability Advertising 362

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Lohrman on Security

AUGUST 22, 2021

The desperate images coming out of Afghanistan following the Taliban’s takeover last weekend underline the importance of technology and the real-life impacts when planning goes well — or not so well.

Technology 266

Technology 266

Joseph Steinberg

AUGUST 16, 2021

Two recent ransomware attacks successfully breached computers at wastewater management plants in the US State of Maine , according to a statement by the state’s Department of Environmental Protection. While the two cyberattacks, which hit facilities in the towns of Mount Desert and Limestone in the US’s most northeastern state, are believed to have posed no threat to human safety, they were far from benign, and have raised serious concerns about the potential danger to human life created b

Risk 246

Risk Ransomware Cybersecurity Artificial Intelligence 246

The Last Watchdog

AUGUST 23, 2021

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce. Related: Employees as human sensors. As of 2018, more than 2 million people were working abroad for U.S. companies in China alone.

Internet 223

Internet Internet Government Risk 223

Schneier on Security

AUGUST 20, 2021

In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.

Surveillance 363

Surveillance 363

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

AUGUST 5, 2021

The greatest gift I can give my kids is a love of technology. I mean after all the usual Maslow's hierarchy of needs stuff , of course, the thing that I (and many of my readers) can instil in our kids is a deep passion for this life-altering and possibly career-defining thing that increasingly defines our everyday being. And without doubt, the best educational technology thing I've ever brought home is my Prusa 3D printer.

Education 72

Education Technology Software Retail 72

Krebs on Security

AUGUST 13, 2021

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “ Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.

Cryptocurrency 337

Cryptocurrency Marketing Ransomware Financial Services 337

Lohrman on Security

AUGUST 29, 2021

From cryptocurrency thefts to hacking bank accounts, SIM swapping is a growing threat online. Here are relevant definitions, real-world examples and tips to help stop cyber criminals.

Cyber threats 260

Cyber threats Cryptocurrency Banking Accountability 260

Joseph Steinberg

AUGUST 3, 2021

The Global Foundation for Cyber Studies and Research (GFCyber) announced today that it has launched Cyber Insights , a new digital magazine that aims to help readers stay informed about contemporary cyber-related issues and their potential ramifications, from the perspectives of policy, practice, and technology. Cyber Insights provides policymakers and tech leaders with guidance and suggestions as to what issues they should ponder, and discusses associated challenges and concerns that might war

Artificial Intelligence 246

Artificial Intelligence Technology Cybersecurity 246

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

AUGUST 18, 2021

So NortonLifeLock has acquired Avast for more than $8 billion. This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering. Related: The coming of ubiquitous passwordless access.

Antivirus 223

Antivirus Marketing Identity Theft Social Engineering 223

Schneier on Security

AUGUST 10, 2021

Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. ( Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes : There are two main features that the company is planning to install in every Apple device.

Surveillance 363

Surveillance Encryption Accountability 363

Troy Hunt

AUGUST 13, 2021

Well this week went on for a bit, an hour and 6 mins in all. The 2 Apple things were particularly interesting due to the way in which both catching CSAM baddies and catching baddies who steal your things involves using technology that can be abused. Is it good tech because it can do good things? Bad tech because it can do bad things? Or is tech just morally neutral and we need to look at it more holistically?

Technology 341

Technology 341

Krebs on Security

AUGUST 16, 2021

Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.

Mobile 336

Mobile Data breaches Accountability Wireless 336

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

AUGUST 19, 2021

All departments of an organization need to be on the same page where cybersecurity is concerned, and that will only happen if the terminology used is understood by all.

Cyber Risk 218

Cyber Risk Risk Cybersecurity 218

Adam Shostack

AUGUST 9, 2021

Twenty-five years ago I published a set of code review guidelines that I had crafted while working for a bank. I released them (thanks, SteveMac!) to get feedback and advice, because back then, there was exceptionally little in terms of practical advice on what we now call AppSec. Looking back at what’s there: it’s explicitly a review document for a firewall group, taking code that’s ‘thrown over a wall’ to be run and operated by that group.

Banking 200

Banking Firewall Engineering Software 200

The Last Watchdog

AUGUST 4, 2021

A cornucopia of cybersecurity solutions went on public display today as Black Hat USA 2021 convened once more as a live event in Las Vegas. Related: Kaseya hack raises more supply chain worries. For small- and mid-sized businesses (SMBs) cutting through the marketing hype can be daunting. That said, there is one venerable technology – web application firewalls ( WAFs) – that is emerging as a perfect fit for SMBs in today’s environment, as all companies shift to a deeper reliance on cloud service

Mobile 214

Mobile Marketing Risk Digital transformation 214

Schneier on Security

AUGUST 9, 2021

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard. Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization.

Encryption 364

Encryption Hacking 364

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams