April, 2018

Obscure E-Mail Vulnerability

Schneier on Security

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses -- if they're even valid.) Netflix doesn't ignore dots, so those are all unique e-mail addresses and can each be used to register an account.
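The defensive check implied by the post, as an added example (not code from Schneier's post or from Netflix): collapse the aliases a provider treats as one inbox before using an address as an account identifier. The dot-insensitive and "+tag" rules are modelled only for Gmail's domains; every other domain keeps its local part unchanged because the receiving server decides its semantics. The registered addresses below are constructed sample data.

```python
from __future__ import annotations

# Domains whose mailbox names ignore dots and drop a "+tag" suffix.
# Assumption for this example: only Gmail's published behaviour is modelled;
# any other provider is treated as dot-sensitive.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}


def canonicalize_email(address: str) -> str:
    """Return a canonical form so that aliases of one inbox compare equal.

    Dots and "+tag" suffixes are removed only for domains known to ignore
    them. For everyone else the local part is kept byte-for-byte (only the
    domain is lower-cased), because the local part belongs to the receiver.
    """
    address = address.strip()
    if address.count("@") != 1:
        raise ValueError(f"not a single-mailbox address: {address!r}")
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.lower().split("+", 1)[0].replace(".", "")
        domain = "gmail.com"  # googlemail.com delivers to the same inbox
    return f"{local}@{domain}"


def find_alias_collisions(registered: list[str]) -> dict[str, list[str]]:
    """Group registered addresses that resolve to the same canonical inbox.

    This is the audit a service that keys accounts on e-mail (as the post
    says Netflix does) can run over its user table to find accounts that
    all land in one real mailbox.
    """
    groups: dict[str, list[str]] = {}
    for addr in registered:
        groups.setdefault(canonicalize_email(addr), []).append(addr)
    return {inbox: aliases for inbox, aliases in groups.items() if len(aliases) > 1}


# Constructed sample registrations (the post's own illustrative aliases plus
# one dot-sensitive address at a fictitious domain).
SAMPLE_REGISTRATIONS = [
    "bruce.schneier@gmail.com",
    "bruceschneier@gmail.com",
    "b.r.u.c.e.schneier@gmail.com",
    "bruce.schneier@example.com",
]

if __name__ == "__main__":
    for inbox, aliases in find_alias_collisions(SAMPLE_REGISTRATIONS).items():
        print(f"{inbox}: {len(aliases)} registrations -> {aliases}")
```

Running the canonical form through uniqueness checks at sign-up (and storing it next to the address actually typed, which is still what mail must be sent to) closes the duplicate-account path without changing delivery.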

Social Media Thread-Hijacking is Nothing More Than Targeted Spam

Troy Hunt

I have a vehement dislike of spam. Right there, that's something you and I have in common because I'm yet to meet a person who says "well actually, I find those Viagra emails I receive every day kinda useful". We get bombarded by spam on a daily basis and quite rightly, people get kinda cranky when they have to deal with it; it's an unwanted invasion that takes a little slice of unnecessary mental processing each time we see it.

Cambridge Analytica Could Also Access Private Facebook Messages

WIRED Threat Level

A Facebook permission allowed an app to read messages between 1,500 Facebook users and their friends until October 2015—data that Cambridge Analytica could have accessed.

Thales Executives Speak to Press about UK Cybersecurity Developments

Thales Cloud Protection & Licensing

Thales eSecurity’s CTO Jon Geater and Peter Carlisle, Thales eSecurity’s VP of Sales, EMEA, were recently featured in major news outlets espousing their opinions about internet-connected devices and the new Cyber Security Export Strategy. Geater, on the new UK IoT security guidelines: earlier this month, the UK government announced guidelines to make internet-connected devices safer.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

8 Ways Hackers Monetize Stolen Data

Dark Reading

Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.

How to successfully harness AI to combat fraud and abuse

Elie

While machine learning is integral to innumerable anti-abuse systems including spam and phishing detection, the road to reap its benefits is paved with numerous abuse-specific challenges. Drawing from concrete examples, this session will discuss how these challenges are addressed at Google and provide a roadmap to anyone interested in applying machine learning to fraud and abuse problems.

IRL Analogies Explaining Digital Concepts are Terrible

Troy Hunt

Remember the anti-piracy campaign from years back about "You Wouldn't Steal a Car"? This was the rather sensationalist piece put together by the Motion Picture Association of America in an attempt to draw parallels between digital piracy and what they viewed as IRL ("In Real Life") equivalents. Here's a quick recap: The very premise that the young girl sitting in her bedroom in the opening scene is in any way relatable to the guy in the dark alley sliding a slim jim down the Merc

The Teens Who Hacked Microsoft's Videogame Empire—And Went Too Far

WIRED Threat Level

Among those involved in David Pokora's so-called Xbox Underground, one would become an informant, one would become a fugitive, and one would end up dead.

Leaky Buckets in a Multi-Cloud World

Thales Cloud Protection & Licensing

The past year has seen a number of high profile security breaches tied to leaky storage servers. Specifically, the leakage of sensitive files connected to misconfigured security protocols on Amazon Simple Storage Service (S3) buckets. In fact, in June, a misconfigured database containing the sensitive personal information of 198 million American voters was left exposed online for nearly two weeks.

Word Attachment Delivers FormBook Malware, No Macros Required

Threatpost

A new wave of document attacks targeting inboxes does not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Russia is Banning Telegram

Schneier on Security

Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban -- blocking 16 million IP addresses, many belonging to the Amazon and Google clouds -- and it's not even clear that it's working. But, more importantly, I'm not convinced Telegram is secure in the first place. Such a weird story. If you want secure messaging, use Signal.

Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity

Troy Hunt

When I launched Pwned Passwords in August, I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. (Incidentally, for anyone about to lose their mind over SHA-1, read that launch post as to why that hashing algorithm is used.

The Questions Zuckerberg Should Have Answered About Russia

WIRED Threat Level

Russian agents used Facebook to influence the 2017 election. Congress missed the chance to delve into what the company knows about it—and how they’ll stop it in 2018.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Best Buy the Latest Victim of Third-Party Security Breach

Dark Reading

Retailer says customer payment and other information may have been exposed via the breach of [24]7.ai online chat provider.

Interviewed on RSAC TV

Andrew Hay

I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference. In the interview, we spoke of what I had observed on the show floor, the state of the security industry, and I describe my perfect customer in information security.

Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files

Threatpost

Researchers are warning of a new email phishing campaign that launches a trojan capable of distributing ransomware and stealing passwords.

Two NSA Algorithms Rejected by the ISO

Schneier on Security

The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors. Personally, I doubt that they're backdoored.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Is Enumerating Resources on a Website "Hacking"?

Troy Hunt

I saw a story pop up this week which made a bunch of headlines and upon sharing it, also sparked some vigorous debate. It all had to do with a 19-year-old bloke in Canada downloading some publicly accessible documents which, as it later turned out, shouldn't have been publicly accessible. Let's start with this video as it pretty succinctly explains the issue in consumer-friendly terms: VIDEO: Nova Scotia's government is accusing a 19-year-old of breaching their government website's secur

How to Check If Cambridge Analytica Could Access Your Facebook Data

WIRED Threat Level

Facebook has released a tool that lets you see if you were caught up in the Cambridge Analytica fiasco—and what other apps know about you now.

Cybercrime Economy Generates $1.5 Trillion a Year

Dark Reading

Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit.

GDPR: it’s the final countdown

Thales Cloud Protection & Licensing

Jim DeLorenzo, Solutions Marketing Manager, Thales eSecurity. By now, few businesses can be unaware that there is just one month to go until the EU General Data Protection Regulation, better known as the GDPR, comes into force. Perhaps the most comprehensive data privacy standard ever introduced, the GDPR will impact every individual and business that is either a ‘controller’ or ‘processor’ of EU citizens’ personal data.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

Threatpost

The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out yet once again that patch […].

TSB Bank Disaster

Schneier on Security

This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. Lloyds had continued to run the TSB systems and was to transfer them over to Sabadell over the weekend. It's turned out to be an epic failure, and it's not clear if and when this can be straightened out.

Microsoft Regional Director (Redux)

Troy Hunt

I received a very nice email this week: Congratulations, your nomination has been accepted to the Microsoft Regional Director program! I am pleased to welcome you back to this worldwide community of technology thought leaders and thank you for being a part of this community. Just over 2 years ago, I first became a Microsoft Regional Director. This is a role that has meant a great deal to me over that time; it's not one you can sit an exam for and no amount of money will buy you one either.

A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

WIRED Threat Level

Some network communication protocol vulnerabilities have been known for more than a decade and still aren't fixed. Now they're being exploited.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

First Public Demo of Data Breach via IoT Hack Comes to RSAC

Dark Reading

At RSA Conference, Senrio researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.

A RESTful API Delivers Flexibility for Vormetric Application Encryption

Thales Cloud Protection & Licensing

Security Application Key Management: one of the long standing challenges with security applications that involve data encryption has been key management. Where to get good keys? Where to store keys safely? With Thales eSecurity’s Vormetric Application Encryption (VAE) we’ve solved these problems by providing a PKCS #11 library and a connection to the Vormetric Data Security Manager (DSM), which both creates and stores encryption keys in a FIPS 140-2 compliant system.

Researchers Hacked Amazon’s Alexa to Spy On Users, Again

Threatpost

Researchers discovered a flaw in Amazon’s Alexa virtual assistant that enabled them to eavesdrop on consumers with smart devices – and automatically transcribe every word said.

COPPA Compliance

Schneier on Security

Interesting research: " 'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale ": Abstract: We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps' compliance with the Children's Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.