Troy Hunt
DECEMBER 30, 2018
Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices. This is part of the opening monologue of the Ozark series and when I first heard it, I immediately stopped the show and dropped it into this blog post.
Krebs on Security
DECEMBER 1, 2018
We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
DECEMBER 6, 2018
In an excellent blog post , Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren't, including your credit card information, Social Security number, mother's maiden name, date of birth, address, previous addresses, phone number, and yes even your credit file.
Adam Levin
DECEMBER 18, 2018
The U.S. Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General. The report issued by the Inspector General’s office details several basic lapses in security protocols at five separate locations, including: A lack of multifactor authentication to access BMDS technical information.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Adam Shostack
DECEMBER 17, 2018
SANS has announced a new boardgame, “ Pivots and Payloads ,” that “takes you through pen test methodology, tactics, and tools with many possible setbacks that defenders can utilize to hinder forward progress for a pen tester or attacker. The game helps you learn while you play. It’s also a great way to showcase to others what pen testers do and how they do it.” If you register for their webinar, which is on Wednesday the 19th, they’ll send you some posters ver
The Last Watchdog
DECEMBER 26, 2018
Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days. Related podcast: The re-emergence of SIEMs. In an ideal world there would no dwell time at all, and threats would be identified before they can penetrate business’ defenses.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Krebs on Security
DECEMBER 23, 2018
A 22-year-old man convicted of cyberstalking and carrying out numerous bomb threats and swatting attacks — including a 2013 swatting incident at my home — was arrested Sunday morning in the Philippines after allegedly helping his best friend dump the body of a housemate into a local river. Suspects Troy Woody Jr. (left) and Mir Islam, were arrested in Manila this week for allegedly dumping the body of Woody’s girlfriend in a local river.
Schneier on Security
DECEMBER 4, 2018
There are lots of articles about there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport. To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack
Adam Levin
DECEMBER 3, 2018
The data of 114 million businesses and individuals has been discovered in an unprotected database. The information exposed included the full name, employer, email, address, phone number and IP address of 56,934,021 individuals, and the revenues and employee counts for up to 25 million business entities. Hackenproof, the Estonian cybersecurity company that found the data trove online, announced their discovery on their blog.
Adam Shostack
DECEMBER 21, 2018
Lance Cottrell has a blog “ The Why and How of High ROI Security Advisory Boards ” over at the Ntrepid blog. I’m pleased to be a part of the board he’s discussing, and will quibble slightly — I don’t think it’s easy to maximize the value of the board. It’s taken effort on the part of both Ntrepid staff and executives and also the board, and the result is clearly high value.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Last Watchdog
DECEMBER 3, 2018
I have a Yahoo email account, I’ve shopped at Home Depot and Target , my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management , I’ve had insurance coverage from Premera Blue Cross and I’ve stayed at the Marriott Marquis in San Francisco. Related: Uber hack shows DevOps risk.
Troy Hunt
DECEMBER 28, 2018
I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week. As I say in the video, the reaction to my tweet about it was actually overwhelmingly positive, but there was this unhealthy undercurrent of negativity which was really disappointing to see. Several other non-related events following that demonstrated similar online aggressiveness and I don't know if it was a case of too much eggnog or simply people having more d
Krebs on Security
DECEMBER 29, 2018
Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com! This past year featured some 150 blog posts , but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed their knowledge, wit and wisdom in more than 10,000 comments.
Schneier on Security
DECEMBER 3, 2018
Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Adam Levin
DECEMBER 12, 2018
A New York Times report about the ways smartphone apps track users and sell their location data (on a far greater scale than most customers realize) has gotten much deserved attention this week. One data sample obtained by the Times showed records of a company updating users’ locations up to 14,000 times a day in 2017. While many users allow location tracking on their mobile apps to enable tailored content such as weather or nearby restaurants, they are often unaware that their travel history an
Adam Shostack
DECEMBER 7, 2018
J.E. Gordon’s Structures, or Why Things Don’t Fall Down is a fascinating and accessible book. Why don’t things fall down? It turns out this is a simple question with some very deep answers. Buildings don’t fall down because they’re engineered from a set of materials to meet the goals of carrying appropriate loads. Those materials have very different properties than the ways you, me, and everything from grass to trees have evolved to keep standing.
The Last Watchdog
DECEMBER 5, 2018
The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get of HIPAA hit list. The recent disclosure from Atrium Health that more than 2.65 million patients had significant amounts of PII exposed by the healthcare provider’s third-party billing vendor, AccuDoc Solutio
Troy Hunt
DECEMBER 15, 2018
I'm in Whistler! And as I say at the start of this video, I did seriously consider having a week off these videos, but I found a comfy spot by the fire and a cold beer and all was good in the world again. This week has some updates on my Canada travels, a couple of data breaches I loaded during the week, new HIBP stickers and some really screwy password practices at HSBC.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Krebs on Security
DECEMBER 19, 2018
Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers. The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks.
Schneier on Security
DECEMBER 7, 2018
Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company's local network.
Adam Levin
DECEMBER 5, 2018
The Mozilla Foundation has released the second installation of *Privacy Not included, the organization’s annual privacy guide to internet-connected gifts. The list was started to promote the idea that privacy and security by design can and should be a major selling point. Mozilla is the non profit organization behind the popular open source Firefox web browser.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Last Watchdog
DECEMBER 10, 2018
The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.
Troy Hunt
DECEMBER 1, 2018
I'm pushing this out a day late so firstly, apologies for the break in what's otherwise a pretty steady cadence. But having said that, as I say at the start of this video I've really been struggling with work / life balance lately. As such, I recorded this Thursday evening then spent most of Friday on the jet ski with my son. We balanced out a lot of work on this trip ??
Krebs on Security
DECEMBER 4, 2018
Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case.
Schneier on Security
DECEMBER 21, 2018
Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen. He told BBC News: "There are 110,000 passengers due to fly today, and the vast majority of those will see cancellations and disruption.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Levin
DECEMBER 20, 2018
The US National Aeronautics and Space Administration has announced that it experienced a data breach in October. In an internal memo sent to employees, the agency disclosed that its “cybersecurity personnel began investigating a possible compromise of NASA servers,” and that they had “determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised.”.
Adam Shostack
DECEMBER 12, 2018
Thanks to the kind folks Digital Guardian for including my threat modeling book in their list of “ The Best Resources for InfoSec Skillbuilding.” It’s particularly gratifying to see that the work is standing the test of time.
The Last Watchdog
DECEMBER 6, 2018
The United States Intelligence Community , or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office. The IC gathers, stores and processes large amounts of data, from a variety of sources, in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices.
Troy Hunt
DECEMBER 7, 2018
I'm on countdown to take-off for the next 2 and a bit weeks so I'm going to keep this intro really short because it's sitting between me and a relaxing cold one (as soon as the bags are ready). Heaps of services got pwned, Australia has a screwy set of circumstances (and reactions) around a cyber bill and HIBP had a 5th birthday celebration which resulted in stickers and a really fun live AMA video.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Expert insights. Personalized for you.
280 
Let's personalize your content