October, 2017

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

Troy Hunt

A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack, the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via an IoT device called the InnoTab which is a wifi-connected tablet designed for young kids; think Fisher Price designing an iPad, then totally screwing up the security.

Profile of the Month: Derek Tumulak, Global Vice President of Product Management

Thales Cloud Protection & Licensing

Since the early days of his career as a software developer, Derek Tumulak has had a fascination with building things – a skill that has served him well throughout his career in the technology industry. He began his professional path at the tech giants of Microsoft and Netscape. He was a software developer, striving to find “elegant ways to solve complex problems,” he says.

NopSec Unified VRM Highlight: My Risk

NopSec

IT Security and Risk teams in every organization have one common goal: to protect the company’s data from breaches by strengthening its security posture. Each member of the team has different goals (that work towards the common goal) depending on their roles. While the Engineers and Analysts are more focused on the day to day remediation of vulnerabilities, CISOs and upper level management are more concerned with the overall strategic role of cybersecurity within the organization’s goals.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Design For Behavior, Not Awareness

The Falcon's View

October was National Cybersecurity Awareness Month. Since today is the last day, I figured now is as good a time as any to take a contrarian perspective on what undoubtedly many organizations just did over the past few weeks; namely, wasted a lot of time, money, and good will. Most security awareness programs and practices are horrible BS. This extends out to include many practices heavily promoted by the likes of SANS, as well as the current state of "best" (aka, failing miserably) practices.

SPIN Token Sale Rescheduled

Spinone

Dear contributors, As you know, the ICO market is constantly changing, and the regulations differ based on jurisdiction. As a US based company with an extensive customer portfolio, Spinbackup wants to make sure we proceed in compliance with the US law and regulations. Our primary focus is to keep our investors, customers, and potential token holders satisfied.

When Encryption Meets Flash Arrays

Thales Cloud Protection & Licensing

Cyberattacks continue to grow more sophisticated and persistent. To combat threats and keep data safe, IT teams must employ robust encryption, key management, and access controls. This is especially true for information held in storage environments, which can contain an organization’s most vital assets. To secure storage, many organizations have been leveraging native encryption offerings from their storage vendors.

Applying Cyber Grand Challenge Technology to Real Software

ForAllSecure

I first heard about Mayhem when I read that researchers at my university, Carnegie Mellon, had reported 1200 crashes in Debian, just by running their binary analysis system on Debian programs for 15 minutes at a time. When I learned that the technology developed by those researchers was spun out as a startup, ForAllSecure, I knew I had to get involved.

Unmasking the ransomware kingpins

Elie

This blog post exposes the cybercriminal groups that dominate the ransomware underworld, and analyzes the reasons for their success. This is the third and final blog post of my series on ransomware economics. The first post was dedicated to the methodology and techniques developed to trace ransomware payments from end to end. The second post shed light on the inner workings of ransomsphere economics.

Incremental "Gains" Are Just Slower Losses

The Falcon's View

Anton Chuvakin and I were having a fun debate a couple weeks ago about whether incremental improvements are worthwhile in infosec, or if it's really necessary to "jump to the next curve" (phrase origin: Guy Kawasaki's "Art of Innovation," watch his TedX) in order to make meaningful gains in security practices. Anton even went so far as to write about it a little over a week ago (sorry for the delayed response - work travel).

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Kali on KRACK

Kali Linux

WPA2 Key Reinstallation AttaCK or KRACK attack

Recently, Mathy Vanhoef of imec-DistriNet, KU Leuven, discovered a serious weakness in WPA2 known as the Key Reinstallation AttaCK (or KRACK) attack. Their overview, Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse, and research paper (Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, co-authored by Frank Piessens) have created quite a stir in our industry because the press touts that it “breaks Wi-Fi”. There have
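The excerpt above names the root cause, forced nonce reuse, without showing why that is fatal. The following is an added illustration, not code from the Kali Linux post or from the KRACK researchers. WPA2-CCMP protects frames with AES-CCM, whose confidentiality component is counter mode, so every frame is the plaintext XORed with a keystream derived from the session key and a per-frame nonce; if a key is reinstalled and its nonce counter reset, two frames share one keystream. The script substitutes an HMAC-SHA256 keystream for AES so it runs with the Python standard library alone (the XOR algebra is identical), encrypts two constructed frames under one reused nonce, and recovers the second frame from the first frame's known plaintext. The same attempt against a fresh nonce yields garbage. Key material, nonce values and frame contents are all constructed for the demonstration.

```python
"""Why nonce reuse in a counter-mode cipher is catastrophic (added illustration).

CCMP's confidentiality half is CTR mode: keystream(key, nonce, counter) XOR
plaintext. A reinstalled key with a reset nonce reuses keystream across frames.
HMAC-SHA256 stands in for AES here purely so the example is self-contained; the
algebra below does not depend on which block cipher produces the keystream.
"""
import hashlib
import hmac
from itertools import count


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in CTR keystream: PRF(key, nonce || counter) blocks, truncated.
    Real CCMP uses AES; HMAC-SHA256 is an assumption for portability only."""
    out = bytearray()
    for ctr in count():
        block = hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        if len(out) >= length:
            break
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR over the common prefix of a and b."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream.
    Decryption is the same operation, as in any CTR-style mode."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def recover_with_known_plaintext(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """If c_known and c_target share (key, nonce), the keystream cancels:
    c_known XOR c_target == p_known XOR p_target, so p_target falls out on the
    overlapping prefix without ever learning the key."""
    n = min(len(c_known), len(p_known), len(c_target))
    return xor_bytes(xor_bytes(c_known[:n], c_target[:n]), p_known[:n])


def demo():
    # Constructed values: a fake session key, a zeroed nonce, and two frames an
    # attacker might capture. The first frame's content is assumed known
    # (predictable HTTP request); the second is what the attacker wants.
    key = hashlib.sha256(b"constructed demo PTK - not a real key").digest()
    reset_nonce = b"\x00" * 12
    fresh_nonce = b"\x00" * 11 + b"\x01"
    frame_a = b"GET /login HTTP/1.1\r\nHost: example.test\r\n"
    frame_b = b"POST /login user=alice&pass=hunter2!\r\n"

    c_a = encrypt(key, reset_nonce, frame_a)
    c_b_reused = encrypt(key, reset_nonce, frame_b)  # nonce reinstalled: same keystream
    c_b_fresh = encrypt(key, fresh_nonce, frame_b)   # protocol working as intended

    leaked = recover_with_known_plaintext(c_a, frame_a, c_b_reused)
    garbage = recover_with_known_plaintext(c_a, frame_a, c_b_fresh)
    return leaked, garbage


if __name__ == "__main__":
    leaked, garbage = demo()
    print("recovered with reused nonce:", leaked)
    print("recovered with fresh nonce :", garbage)
```

Run it directly to print both recoveries. The lesson for defenders is that the fix is not a different cipher but a corrected handshake state machine that never reinstalls an already-installed key with its nonce reset; any counter-based mode, GCM included, loses confidentiality the same way once a nonce repeats under one key.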

The 6-Step "Happy Path" to HTTPS

Troy Hunt

It's finally time: it's time the pendulum swings further towards the "secure by default" end of the scale than what it ever has before. At least insofar as securing web traffic goes because as of this week's Chrome 62's launch, any website with an input box is now doing this when served over an insecure connection: It's not doing it immediately for everyone , but don't worry, it's coming very soon even if it hasn't yet arrived for you personally and it's going to take many people by surp

The Time is Right for Multi-Cloud Key Management

Thales Cloud Protection & Licensing

Multi-cloud use – It’s here in spades. One of the things we see every day at Thales is how the pace of change in organizations is pushing them to adapt and utilize cloud, big data, IoT and container technologies. Organizations are digitally transforming themselves at a fundamental level to address new markets, offer new services to existing customers and stay relevant in a rapidly changing world that is increasingly operating online.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Do Something Awesome with Have I Been Pwned and Win a Lenovo ThinkPad!

Troy Hunt

Current status: The competition has run and been won! Scroll down to the bottom for the result. Friends who follow what I'm up to these days will see that I'm often away from home in far-flung parts of the world. What that means is a lot of time on planes, a lot of time in airports (which is where I'm writing this now) and a lot of time in hotel rooms.

New Pluralsight Course: Emerging Threats in IoT

Troy Hunt

It's another Pluralsight course! I actually recorded Emerging Threats in IoT with Lars Klint back in June whilst we were at the NDC conference in Oslo. It's another "Play by Play" course which means it's Lars and me sitting there having a conversation like this: We chose to talk about IoT because frankly, it's fascinating. There are just so many angles to security in otherwise everyday devices, for example: The collection of never-before digitised data (adult toys are a perfect example).

Weekly update 57

Troy Hunt

I'm doing this week's update a little back to front due to the massive incident in South Africa involving what looks like pretty much the entire population. I've spent the first half an hour just talking about that incident in a way that I hope is consumable for the layperson. I wanted to explain what these things many regular viewers understand as "data breaches" are, why I have them and pretty much everything else I know about the incident in South Africa.

Weekly update 58

Troy Hunt

I'm between (short domestic) trips, I'm playing with my new iPad and I'm working on something really, really cool I'm going to be talking about next week. Seriously, this is a big thing that's been in the works for a while now and I'll be covering it in detail in the next update. For now, I've caught up on the whole IoT warning thing I totally overlooked last week.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Weekly update 56 (island edition)

Troy Hunt

After being cooped up inside most of the week due to some (very unusual) bad weather, when the sun came out today the only responsible thing to do was to jump on the jet ski and head off to an island to do my weekly update. As much as it was nice to get out, the audio is a little sketchy in places which I suspect is due to my mic losing its furry cover and then dangling from the lanyard on my hat and hitting my chest.

Partner Spotlight: Q&A with Entrust Datacard

Thales Cloud Protection & Licensing

Inspired by National Cybersecurity Awareness Month (NCSAM), I kicked off our partner spotlight series earlier this month with one of our valued partners in the privileged account management space. In this piece we turn our attention to identity management and transaction security and we spotlight Entrust Datacard. The company is a provider of identity and secure transaction technologies that make business and personal experiences – such as making purchases, crossing borders, accessing e-governme

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Questions about the Massive South African "Master Deeds" Data Breach Answered

Troy Hunt

This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. It's an explosive situation with potentially severe ramifications and I've been bombarded by questions about it over the last 48 hours. This post explains everything I know. Who Am I and Why Do I Have This Data?