January, 2018

article thumbnail

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

India's Aadhaar implementation is the largest biometric system in the world, holding about 1.2 billion locals' data. It's operating in an era of increasingly large repositories of personal data held by both private companies and governments alike. It's also an era where this sort of information is constantly leaked to unauthorised parties; last year Equifax lost control of 145.5 million records on US consumers (this started a series events which ultimately led to me testifying in front of Congre

Hacking 280
article thumbnail

XKCD's Smartphone Security System

Schneier on Security

Funny.

231
231
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Securing Data in the Digital Transformation Era

Thales Cloud Protection & Licensing

Data breaches are the new normal. According to our 2018 Global Data Threat Report , 67% of enterprises have been breached, with that percentage rate growing every year. Regardless of the security measures and efforts put in place, organizations need to act as if a successful cyberattack is not a question of “if” but “when.”. As organizations continue to embrace digital transformation, greater amounts of sensitive data is created, stored and transferred in digital form putting more data at risk.

article thumbnail

Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes

WIRED Threat Level

Thanks to Tinder's patchwork use of HTTPS, researchers found they could reconstruct someone's entire experience in the app.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

DDoS Attacks Become More Complex and Costly

Dark Reading

Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.

DDOS 94
article thumbnail

How AI Is Redefining Cybersecurity

eSecurity Planet

A look at how security vendors that are employing artificial intelligence and machine learning to help IT security teams.

LifeWorks

More Trending

article thumbnail

Estimating the Cost of Internet Insecurity

Schneier on Security

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: " Estimating the Global Cost of Cyber Risk: Methodology and Examples ": Abstract : There is marked variability from study to study in the estimated direct and systemic costs of cyber incidents, which is further complicated by the considerable variation in cyber risk in differe

Internet 219
article thumbnail

Why 2018 Will Be the Trust Turning Point for the Digital Economy

Thales Cloud Protection & Licensing

We are in the midst of a digital revolution impacting every aspect of our everyday lives. At the center of the revolution is data, which is available in more forms, volume, depth and complexity since the beginnings of the computer revolution. Earlier this year , IDC predicted the world’s volume of data would expand to 163 zettabytes by 2025 – a tenfold rise in the total.

article thumbnail

Want to Avoid Malware on Your Android Phone? Try the F-Droid App Store

WIRED Threat Level

Opinion: Researchers from Yale Privacy Lab argue that the scourge of trackers in Android apps means users should stop using the Google Play store.

Malware 111
article thumbnail

Four Malicious Google Chrome Extensions Affect 500K Users

Dark Reading

ICEBRG Security Research team's finding highlights an often-overlooked threat.

88
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

How to Comply with GDPR

eSecurity Planet

IT experts share some their tips on updating IT systems and business processes to comply with the EU's strict new data privacy regulations.

article thumbnail

Streamlining Data Breach Disclosures: A Step-by-Step Process

Troy Hunt

I don't know how many data breaches I'm sitting on that I'm yet to process. 100? 200? It's hard to tell because often I'm sent collections of multiple incidents in a single archive, often there's junk in there and often there's redundancy across those collections. All I really know is that there's hundreds of gigabytes spread across thousands of files.

article thumbnail

Student Cracks Inca Knot Code

Schneier on Security

Interesting.

217
217
article thumbnail

Counting down, Getting Ready: GDPR in a Multi-Cloud World

Thales Cloud Protection & Licensing

( Originally posted to CenturyLink’s blog on November 10 ). To help save time and money, a growing number of enterprises are storing sensitive customer data in the public cloud. Increasingly, they’re also leveraging multiple cloud providers. According to IDC, nearly 80% of IT organizations currently deploy multi-cloud or plan to implement multi-cloud environments within 12 months.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Your Sloppy Bitcoin Drug Deals Will Haunt You For Years

WIRED Threat Level

Scouring the blockchain, researchers found years-old evidence tying Silk Road transaction to users' public accounts.

article thumbnail

AI in Cybersecurity: Where We Stand & Where We Need to Go

Dark Reading

How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.

article thumbnail

Enterprise Technologies That Tame GDPR Compliance

eSecurity Planet

The IT and software solutions that help businesses meet the EU's tough new data privacy regulation.

article thumbnail

I'm Teaming Up with Scott Helme to Run "Hack Yourself First" Workshops in Europe

Troy Hunt

This is probably the most self-explanatory blog post title I've ever written! But be that as it may, it deserves some explanation as to how I've arrived at this point and like many great ideas, it began over some beers. I've just arrived home to the Gold Coast in Australia which I frequently describe to people as "the sunny part of the sunny country" I'm literally sitting on a beach writing this blog post and frankly, I'd like to spend more time here.

Hacking 189
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The Effects of the Spectre and Meltdown Vulnerabilities

Schneier on Security

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched­ -- at least to the extent possible. This news isn't really any different from the usual endless stream of security vulnerabilities and patches, but it's also a harbinger of the sorts of security problems we're going t

article thumbnail

Profile of the Month: Cindy Provin, Chief Executive Officer

Thales Cloud Protection & Licensing

Cindy Provin is a 20-year veteran at Thales. This month, she became the CEO for Thales eSecurity. Previously, she served as the President for Thales eSecurity Americas, and Chief Strategy & Marketing Officer for Thales eSecurity. In her new role as CEO, Cindy will be responsible for leading a world-class organization and delivering a portfolio of security solutions to protect data wherever it is created, shared or stored.

article thumbnail

Meet Antifa's Secret Weapon Against Far-Right Extremists

WIRED Threat Level

Megan Squire doesn’t consider herself to be antifa and pushes digital activism instead, passing along information to those who might put it to real-world use—who might weaponize it.

111
111
article thumbnail

Satori Botnet Malware Now Can Infect Even More IoT Devices

Dark Reading

Latest version targets systems running ARC processors.

IoT 87
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hacker Infects Gas Pumps with Code to Cheat Customers

Threatpost

Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.

article thumbnail

2017 Retrospective

Troy Hunt

I look back a lot more than what I suspect people realise. Not in a reminiscent way, but rather because I find it helps me put things in perspective. A lot of people like to set personal goals or objectives so that there's something specific they're setting out to achieve but for me personally, I just want to see progress. I want to be able to do these retrospectives - not just on Jan 1 but every day - and say to myself "yeah, I'm happy with how far I've moved ahead" And believe me when

Hacking 148
article thumbnail

Skygofree: New Government Malware for Android

Schneier on Security

Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active.

Malware 210
article thumbnail

Does Encryption Really Protect My Cloud Data?

Thales Cloud Protection & Licensing

There has always been a battle between business efficiency and security since the invention of shared compute and data resources. Enterprise risk managers continue to swing the pendulum between business risk and security risk, depending on new demands versus new threats. Today’s enterprises have experienced this pendulum shift as cloud has become more relevant.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

WhatsApp Encryption Security Flaws Could Allow Snoops to Slide Into Group Chats

WIRED Threat Level

German researchers say that a flaw in the app's group-chat feature undermines its end-to-end encryption promises.

article thumbnail

Forever 21 Found Malware and Encryption Disabled on its PoS Devices

Dark Reading

The retailer found signs of unauthorized access and malware installed on point-of-sale devices during an investigation into last year's data breach.

Malware 79
article thumbnail

Firefox, Chrome Patch Vulnerabilities, Add Security Features

Threatpost

Dueling browsers, Mozilla Firefox and Google Chrome, have patched bugs and beefed up security.

73
article thumbnail

Weekly Update 70 (NDC London Edition)

Troy Hunt

It's NDC London! I'm pushing this week's update out a little later due to the different time zones and frankly, due to it being an absolutely non-stop week of events. I talk about those, about how I'm trying to tackle breach disclosures now and about some upcoming events. Next week is Norway and Denmark and I'll be coming to you a little later due to a totally jam-packed Friday, more from me then. iTunes podcast | Google Play Music podcast | RSS podcast.

144
144
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.