Sat.May 26, 2018 - Fri.Jun 01, 2018

Pwned Passwords in Practice: Real World Examples of Blocking the Worst Passwords

Troy Hunt

Back in August, I pushed out a service as part of Have I Been Pwned (HIBP) to help organisations block bad passwords from their online things. I called it "Pwned Passwords" and released 320M of them from real-world data breaches via both a downloadable file and an online service. This was in response to NIST's Digital Identity Guidelines and in particular, the following recommendation: When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospec

Passwords 267

1834: The First Cyberattack

Schneier on Security

Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements.

Scams 256

How WIRED Lost $100,000 in Bitcoin

WIRED Threat Level

We mined roughly 13 Bitcoins and then ripped up our private key. We were stupid—but not alone.

111

Attacks against machine learning — an overview

Elie

This blog post surveys the attack techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs, which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Welcoming the Spanish Government to Have I Been Pwned

Troy Hunt

A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely, .gov.uk and .gov.au - as well as across a handful of their other whitelisted gov domains on other TLDs.

Damaging Hard Drives with an Ultrasonic Attack

Schneier on Security

Playing a sound over the speakers can cause computers to crash and possibly even physically damage the hard drive. Academic paper.

183

More Trending

Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net

Dark Reading

One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.

91

AusCERT and the Award for Information Security Excellence

Troy Hunt

I've been at the AusCERT conference this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: Off to #AusCERT2018! It’s all blue outside today, what an awesome day for a short walk from home

Numbers Stations

Schneier on Security

On numbers stations.

Puppy Brain Scans Could Help Pick the Best Dog Bomb Sniffers

WIRED Threat Level

Researchers are working to identify behavioral and neurological indicators that determine which lil puppers will grow into good bomb-sniffing doggos.

107

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Weekly Update 89

Troy Hunt

An exciting weekly update - I got an award! I did write about it earlier this morning, but I talk about it more in this week's update and explain why it means a lot. In other news, I'm heading back to Europe in a few days from now so am doing the last-minute rush tying up loose ends here, finishing presentations and just generally preparing myself for what will be another hectic few weeks.

Passwords 141

Kidnapping Fraud

Schneier on Security

Fake kidnapping fraud: "Most commonly we have unsolicited calls to potential victims in Australia, purporting to represent the people in authority in China and suggesting to intending victims here they have been involved in some sort of offence in China or elsewhere, for which they're being held responsible," Commander McLean said. The scammers threaten the students with deportation from Australia or some kind of criminal punishment.

Scams 140

Papua New Guinea Wants to Ban Facebook. It Shouldn't

WIRED Threat Level

The island nation is considering blocking Facebook for one month in order to collect information on fake profiles, pornography, and more. But the impact could be severe.

102

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybercrime Is Skyrocketing as the World Goes Digital

Dark Reading

If cybercrime were a country, it would have the 13th highest GDP in the world.

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Threatpost

The exposed information includes accounts payable and invoice data, customer support emails, password-recovery mails, links to employee manuals, staffing schedules and other internal resources.

Mapping the threat: an insight into data breaches across Europe

Thales Cloud Protection & Licensing

According to Thales eSecurity’s latest Data Threat Report, European Edition, almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. It’s no surprise feelings of vulnerability are high, with just 8 per cent of businesses not feeling at risk.

The Bleak State of Federal Government Cybersecurity

WIRED Threat Level

Nearly three out of four federal agencies is unprepared for a cyberattack, and there's no system in place to fix it.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Machine Learning, Artificial Intelligence & the Future of Cybersecurity

Dark Reading

The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.

Attacks against machine learning — an overview

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

The DHS Cybersecurity Strategy: Five Pillars of Cybersecurity Goals

Thales Cloud Protection & Licensing

The recent DHS Cybersecurity Strategy was released at a crucial time when today’s cyberspace has become a new frontier for warfare for both nation states and criminal hackers. And as we continue to move into an era of digital transformation and interconnectedness, there is increasing concern among organizations and average citizens around the security of sensitive data.

How to Secure Edge Computing

eSecurity Planet

As cloud computing moves to the edge of network, organizations will face new security challenges.

54

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Alexa Mishap Hints at Potential Enterprise Security Risk

Dark Reading

When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.

Risk 66

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Threatpost

Google has rolled out its newest browser version (Chrome 67.0.3396.62) for Windows, Mac and Linux this week with new security fixes and biometric features.

53

Friday Squid Blogging: Do Cephalopods Contain Alien DNA?

Schneier on Security

Maybe not DNA, but biological somethings. "Cause of Cambrian explosion -- Terrestrial or Cosmic?": Abstract: We review the salient evidence consistent with or predicted by the Hoyle-Wickramasinghe (H-W) thesis of Cometary (Cosmic) Biology. Much of this physical and biological evidence is multifactorial. One particular focus are the recent studies which date the emergence of the complex retroviruses of vertebrate lines at or just before the Cambrian Explosion of ~500 Ma.

138

An Inside Look at OpenStack Security Efforts

eSecurity Planet

OpenStack is a widely used open-source cloud platform, but isn't secure by default. OpenStack experts reveal what is needed to make your cloud secure.

46

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

6 Ways Third Parties Can Trip Up Your Security

Dark Reading

Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems

63

Singapore ISP Leaves 1,000 Routers Open to Attack

Threatpost

Telcom firm leaves port open on customer routers after maintenance update exposing hundreds of customers to possible attack.

Why Russian Journalist Arkady Babchenko Faked His Own Murder—And What Happens Now

WIRED Threat Level

Russian war correspondent Arkady Babchenko was reported dead Tuesday. On Wednesday, he showed up at a press conference, very much alive.

96

GDPR Solutions: Cybersecurity Vendors Offer New Compliance Products

eSecurity Planet

GDPR is here, and cybersecurity vendors are responding with privacy and security compliance solutions.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!