June, 2022

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Schneier on Security

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019.

EU and U.S. Join Forces to Help Developing World Cybersecurity

Lohrman on Security

The United States and the European Union are planning to work together to secure digital infrastructure in developing countries. Here’s why this is vitally important


Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

Last week, I attended an excellent briefing given by Tom Gillis, Senior Vice President and General Manager of VMware’s Networking and Advanced Security Business Group, in which he discussed various important cybersecurity-related trends that he and his team have observed.

KrebsOnSecurity in New Netflix Series on Cybercrime

Krebs on Security

Netflix has a new documentary series airing next week — “ Web of Make Believe: Death, Lies & the Internet ” — in which Yours Truly apparently has a decent amount of screen time.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

The Last Watchdog

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Related: The coming of bio-digital twins. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing. Perhaps elderly folks who haven’t spent a lot of time online are easier to deceive.

Scams 209

The Cybersecurity Skills Gap is Another Instance of Late-stage Capitalism

Daniel Miessler

It’s common to hear that it’s hard to get into cybersecurity, and that this is a problem. That seems to be true, but it’s informative to ask a simple follow-up: The current cybersecurity jobs gap sits at around 2.7 million people. A problem for who?

More Trending

Hacktivism Against States Grows After Overturn of Roe v. Wade

Lohrman on Security

State and local governments need to prepare and respond to a new round of cyber attacks coming from groups claiming to be protesting the Supreme Court overturning Roe v. Wade last Friday

Top-Ranked New Jersey School District Cancels Final Exams Following Ransomware Cyberattack

Joseph Steinberg

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure.

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

Authorities in the United States, Germany, the Netherlands and the U.K.

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

Third-Party Risk Management ( TPRM ) has been around since the mid-1990s – and has become something of an auditing nightmare. Related: A call to share risk assessments. Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk. TPRM will be in the spotlight at the RSA Conference 2022 next week in San Francisco.

Risk 196

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Weekly Update 298

Troy Hunt

I somehow ended up blasting through an hour and a quarter in this week's video with loads of discussion on the CTARS / NDIS data breach then a real time "let's see what the fuss is about" with news that one of our state's digital driver's licenses (DDL) may be easily forgeable.

Symbiote Backdoor in Linux

Schneier on Security

Interesting : What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines.

What Can Be Done About the Decline of Customer Service?

Lohrman on Security

Frustration, anger and even desperation are showing up across diverse industries as the meaning of “more for less” is changing in America


Detection as Code? No, Detection as COOKING!

Anton on Security

One of the well-advertised reasons for being in the office is about those “magical hallway conversations” (Google it). One happened to me a few days ago and led to a somewhat heated debate on the nature of modern threat detection.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee ) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

Media 228

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

The Last Watchdog

The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing. Related: Covid 19 ruses used in email attacks. At RSA Conference 2022 , which takes place next week in San Francisco, advanced technologies to help companies implement zero trust principals will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.

Weekly Update 301

Troy Hunt

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested first) but it's obviously just super sensitive to the wind.

Tracking People via Bluetooth on Their Phones

Schneier on Security

We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Lessons from the Gartner Security & Risk Management Summit

Lohrman on Security

What are the important trends regarding business risk and all things cybersecurity? Here are my top takeaways from the Gartner conference I attended this week.

Risk 148

How Good is DALL·E 2 at Creating NFT Artwork?

Daniel Miessler

If you’ve not heard, there are these things called NFTs. I think they’re simultaneously the future of digital signaling and currently mostly hype. But whatever—that’s not what this post is about.

What Counts as “Good Faith Security Research?”

Krebs on Security

The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases.

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

It’s not difficult to visualize how companies interconnecting to cloud resources at a breakneck pace contribute to the outward expansion of their networks’ attack surface. Related: Why ‘SBOM’ is gaining traction. If that wasn’t bad enough, the attack surface companies must defend is expanding inwardly, as well – as software tampering at a deep level escalates.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Welcoming the Indonesian Government to Have I Been Pwned

Troy Hunt

Four years ago now, I started making domains belonging to various governments around the world freely searchable via a set of APIs in Have I Been Pwned. Today, I'm very happy to welcome the 33rd government, Indonesia!

Attacking the Performance of Machine Learning Systems

Schneier on Security

Interesting research: “ Sponge Examples: Energy-Latency Attacks on Neural Networks “: Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs.


Brilliant Advice From Abraham Lincoln About Internet News Reports

Joseph Steinberg

Nearly a decade ago, well before most people had first heard the term “fake news,” I wrote a piece for Forbes unlike any other piece I had ever written before. Since then, I have seen many Internet memes circulate that appear to convey a similar message.

Be you in the (cyber) workplace

Jane Frankland

At The Source, my new venture for women in cyber and businesses who value them, we have a saying, “Be you in the workplace.” ” And although that should be easy to do, sometimes it’s not.

Ransomware Group Debuts Searchable Victim Data

Krebs on Security

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying.

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

The Last Watchdog

Reducing the attack surface of a company’s network should, by now, be a top priority for all organizations. Related: Why security teams ought to embrace complexity. As RSA Conference 2022 gets underway today in San Francisco, advanced systems to help companies comprehensively inventory their cyber assets for enhanced visibility to improve asset and cloud configurations and close security gaps will be in the spotlight. As always, the devil is in the details.

Weekly Update 300

Troy Hunt

Well, we're about 2,000km down on this trip and are finally in Melbourne, which was kinda the point of the drive in the first place (things just escalated after that).

When Security Locks You Out of Everything

Schneier on Security

Thought experiment story of someone of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA.

Crosspost: A Simple SOAR Adoption Maturity Model

Anton on Security

Originally written for a new Chronicle blog. As security orchestration, automation and response (SOAR) adoption continues at a rapid pace , security operations teams have a greater need for a structured planning approach.

Guilty as charged (or not) for spreading FUD about women in cyber

Jane Frankland

Judge: Jane Frankland, you have been picked up by the male police (one acting alone)) and stand here accused of potentially spreading FUD. On the 8 June you posted on LinkedIn highlighting data gaps and inconsistencies with regards to reporting for women in cyber, specifically methodologies.