Troy Hunt

SEPTEMBER 11, 2018

Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public social media platform such as Twitter. Shortly thereafter, the masses descend on said organisation and express their outrage at the stated position. Where it gets interesting (and this is the whole point of the post), is when another group of folks pop up and accuse the outraged group of doing a bit o

Media 260

Media Accountability Passwords Mobile 260

Schneier on Security

SEPTEMBER 14, 2018

Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for any key length.

Encryption 252

Encryption Technology Engineering Authentication 252

Krebs on Security

SEPTEMBER 10, 2018

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle.

Cybercrime 218

Cybercrime Accountability Media Retail 218

Adam Shostack

SEPTEMBER 14, 2018

Lately, I’ve been asking what takes threat modeling from a practice to a mission. If you’re reading this blog, you may have seen that some people are nearly mad about threat modeling. The ones who say “you’re never done threat modeling.” The ones who’ve made it the center of their work practice. What distinguishes those people from those who keep trying to teach developers about the difference between a hactivist and a script kiddie?

Engineering 200

Engineering Media Technology 200

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

SEPTEMBER 13, 2018

Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. Skelly started out as a U.S. Army Explosive Ordnance Disposal (EOD) Technician. “I was on the EOD team that was actually assigned to the White House during 9/11, so I got to see our national response framework from a very high level,” she says.

Cybersecurity 152

Cybersecurity Artificial Intelligence Technology Engineering 152

Schneier on Security

SEPTEMBER 11, 2018

This is really interesting research: " BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid ": Abstract : We demonstrate that an Internet of Things (IoT) botnet of high wattage devices-such as air conditioners and heaters-gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a bot

IoT 213

IoT Hacking Marketing Engineering 213

Adam Levin

SEPTEMBER 10, 2018

Only 34.5 % of the approximately 500 professionals responsible for compliance to the European Union (EU) General Data Protection Regulation (GDPR) report maintaining practices that are in keeping with the regulation, a recent Deloitte poll. According to the poll, one-third of respondents (32.7 %) hope to be compliant within 2018. And, 11.7% plan to take a “wait and see” approach amid uncertainty over how EU regulators in various countries will enforce the new regulation.

Artificial Intelligence 129

Artificial Intelligence Risk 129

The Last Watchdog

SEPTEMBER 14, 2018

In March 2018, the city of Atlanta fell victim to a ransomware attack that shut down its computer network. City agencies were unable to collect payment. Police departments had to handwrite reports. Years of data disappeared. Related: Political propaganda escalates in U.S. The attack also brought cybersecurity to the local level. It’s easy to think of it as a problem the federal government must address or something that enterprises deal with, but cybersecurity has to be addressed closer to home,

Government 117

Government Digital transformation Cyber Insurance Hacking 117

Schneier on Security

SEPTEMBER 14, 2018

It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing , Financial Times , Harris Online , Kirkus Reviews , Nature , Politico , and Virus Bulletin. I've also done a bunch of interviews -- either written or radio/podcast -- including the Washington Post , a Reddit AMA , " The 1A " on NPR, Security Ledger , MIT Technology Review , CBC Radio , and WNYC Radio.

Technology 188

Technology 188

Troy Hunt

SEPTEMBER 14, 2018

We're on a boat! This week, Scott Helme is back in town so I'm treating him to a rare sight for the Englishman - sunshine ??. We're also talking about my.NET Conf talk, Chrome's visual changes (and rolling back some of them), the FreshMenu data breach, getting better at filtering CSP reports, the effectiveness of public shaming, the kayo.moe credential stuffing list and lastly, Scott talks about his blog post on protecting sites from modified JavaScript (now linked to in the references below).

Data breaches 114

Data breaches 114

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Adam Levin

SEPTEMBER 11, 2018

The Government Accountability Office released a report detailing last year’s massive Equifax data breach and how hackers were able to infiltrate the company’s systems to gain access to the personal information of at least 145.5 million individuals. According to the report, the hackers took advantage of a recently announced vulnerability in a web server technology called Apache Struts, which Equifax failed to patch or address and that left their systems vulnerable for weeks.

Government 123

Government Data breaches Encryption Passwords 123

Thales Cloud Protection & Licensing

SEPTEMBER 12, 2018

The Internet of Things (IoT) is rapidly growing and expected to affect all industry verticals as well as our private lives. It is no secret that security plays a very important part in the successful deployment and management of this technology, and its applications are set to transform the way we live and do business. In this blog, we reached out to our technology partner Nexus to better understand the challenges that the industry faces to ensure safe deployment and management of IoT technologi

IoT 92

IoT Computers and Electronics Authentication Marketing 92

Schneier on Security

SEPTEMBER 13, 2018

Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include: Disincentive for vulnerability disclosure Cultivation of a market for surveillance tools Attackers co-opt hacking tools over which governments have lost control Attackers learn of vulnerabilities through government use of malware Government incentives to push for less

Government 150

Government Hacking Risk Surveillance 150

Security Affairs

SEPTEMBER 13, 2018

New Firmware Flaws Resurrect Cold Boot Attacks. A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks. A team of experts from cybersecurity firm F-Secure has discovered security flaws affecting firmware in modern computers that could be exploited by hackers to carry out cold boot attacks and recover sensitive data from the memory of the affected machines.

Firmware 88

Firmware Encryption Advertising Passwords 88

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Adam Levin

SEPTEMBER 11, 2018

Adam Levin spoke with Columbus Business First at BizJournals about the recent cyber attack which hit an Ohio property management group. “Companies should be very vigorous when it comes to monitoring their systems,” Levin said in reference to the breach. Read the article here. The post Adam Levin discusses Ohio Cyberattack with BizJournals appeared first on Adam Levin.

Cyber Attacks 100

Cyber Attacks 100

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

Vincent Van Gogh is believed to have said “Great things are … done … by a series of small things brought together.” This aptly describes the Internet of Things (IoT), where many small things are coming together to shape what we all hope will deliver a great leap in the way we live and do business. In this blog, and in and accompanying interview with our colleague Daniel Hjort from Nexus Group, we discuss the challenges that industry faces to ensure safe deployment and management of IoT technolog

Manufacturing 89

Manufacturing Internet Internet IoT 89

Schneier on Security

SEPTEMBER 12, 2018

A security vulnerability in Belkin's Wemo Insight "smartplugs" allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network. From the Register : The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on network connectivity to existing appliances, many IoT devices have little in the way of built-in network security.

IoT 145

IoT Network Security Risk 145

WIRED Threat Level

SEPTEMBER 10, 2018

Weak encryption in the cars' key fobs allows all-too-easy theft, but you can set a PIN code on your Tesla to protect it.

Encryption 108

Encryption 108

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

SEPTEMBER 12, 2018

Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. Researchers at Trend Micro have detected a new ransomware family, dubbed PyLocky, that was used in attacks between July and August, the malware was posing as the Locky ransomware using its ransom note.

Ransomware 84

Ransomware Encryption Social Engineering Malware 84

Dark Reading

SEPTEMBER 14, 2018

Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the country's highly decentralized voting systems to safeguard the integrity of upcoming elections.

77

77

Threatpost

SEPTEMBER 14, 2018

Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The fallout from these breaches can be costly, as the average enterprise pays $1.23 million per incident, up […].

Cybersecurity 76

Cybersecurity InfoSec 76

Architect Security

SEPTEMBER 9, 2018

One of my talks is about using “Social Engineering at work” – how to gain and utilize positive influence to get things done.

Social Engineering 81

Social Engineering Engineering 81

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

SEPTEMBER 13, 2018

Experts discovered several flaws in Fuji Electric V-Server, a tool that connects PCs within the organizations to Industrial Control Systems (ICS). Experts discovered several vulnerabilities in Fuji Electric V-Server, a tool that connects PCs within the organizations to Industrial Control Systems (ICS) on the corporate network. The ICS-CERT published two advisories to warn of the existence of the flaws that could have a severe impact on a broad range of companies in the critical manufacturing sec

Advertising 83

Advertising Manufacturing Hacking 83

Dark Reading

SEPTEMBER 13, 2018

One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.

92

92

Threatpost

SEPTEMBER 12, 2018

The development fits a trend that sees threat actors turning to well-known, commodity malware, overcoming its easy detection with ever-better obfuscation methods.

Antivirus 78

Antivirus Malware 78

WIRED Threat Level

SEPTEMBER 11, 2018

Security researchers have detailed how a criminal hacking gang used just 22 lines of code to steal credit card info from hundreds of thousands of British Airways customers.

Hacking 70

Hacking 70

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

SEPTEMBER 14, 2018

Researchers from the Unit42 at Palo Alto Networks observed Iran-Linked OilRig APT group targeting high-ranking office in a Middle Eastern nation. The Iran-linked APT group OilRig continues to very active, it continues to improve the weapons in its arsenal. The OilRig hacker group has been around since at least 2015, since then it targeted mainly organizations in the financial and government sectors, in the United States and Middle Eastern countries.

DNS 74

DNS Phishing Government Malware 74

Dark Reading

SEPTEMBER 14, 2018

New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.

Government 82

Government Passwords Authentication 82

Threatpost

SEPTEMBER 14, 2018

The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years.

Encryption 79

Encryption 79

WIRED Threat Level

SEPTEMBER 9, 2018

Misplacing your smartphone—or worse, having it stolen—is awful. But you can at least minimize the damage with a few easy steps.

83

83

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk