Sat. May 26, 2018 - Fri. Jun 01, 2018

1834: The First Cyberattack

Schneier on Security

Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements.

Scams 212

Welcoming the Spanish Government to Have I Been Pwned

Troy Hunt

A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely, .gov.uk and .gov.au - as well as across a handful of their other whitelisted gov domains on other TLDs.

Attacks against machine learning — an overview

Elie

This blog post surveys the attack techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs, which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.

Machine Learning, Artificial Intelligence & the Future of Cybersecurity

Dark Reading

The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Kidnapping Fraud

Schneier on Security

Fake kidnapping fraud: "Most commonly we have unsolicited calls to potential victims in Australia, purporting to represent the people in authority in China and suggesting to intending victims here they have been involved in some sort of offence in China or elsewhere, for which they're being held responsible," Commander McLean said. The scammers threaten the students with deportation from Australia or some kind of criminal punishment.

Scams 115

AusCERT and the Award for Information Security Excellence

Troy Hunt

I've been at the AusCERT conference this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: Off to #AusCERT2018! It’s all blue outside today, what an awesome day for a short walk from home

More Trending

How WIRED Lost $100,000 in Bitcoin

WIRED Threat Level

We mined roughly 13 Bitcoins and then ripped up our private key. We were stupid—but not alone.

Damaging Hard Drives with an Ultrasonic Attack

Schneier on Security

Playing a sound over the speakers can cause computers to crash and possibly even physically damage the hard drive. Academic paper.

Weekly Update 89

Troy Hunt

An exciting weekly update - I got an award! I did write about it earlier this morning, but I talk about it more in this week's update and explain why it means a lot. In other news, I'm heading back to Europe in a few days from now so am doing the last-minute rush tying up loose ends here, finishing presentations and just generally preparing myself for what will be another hectic few weeks.

Passwords 115

Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net

Dark Reading

One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Puppy Brain Scans Could Help Pick the Best Dog Bomb Sniffers

WIRED Threat Level

Researchers are working to identify behavioral and neurological indicators that determine which lil puppers will grow into good bomb-sniffing doggos.

Numbers Stations

Schneier on Security

On numbers stations.

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Threatpost

The exposed information includes accounts payable and invoice data, customer support emails, password-recovery mails, links to employee manuals, staffing schedules and other internal resources.

Mapping the threat: an insight into data breaches across Europe

Thales Cloud Protection & Licensing

According to Thales eSecurity’s latest Data Threat Report, European Edition, almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. It’s no surprise feelings of vulnerability are high, with just 8 per cent of businesses not feeling at risk.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Papua New Guinea Wants to Ban Facebook. It Shouldn't

WIRED Threat Level

The island nation is considering blocking Facebook for one month in order to collect information on fake profiles, pornography, and more. But the impact could be severe.

Attacks against machine learning — an overview

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

Cybercrime Is Skyrocketing as the World Goes Digital

Dark Reading

If cybercrime were a country, it would have the 13th highest GDP in the world.

The DHS Cybersecurity Strategy: Five Pillars of Cybersecurity Goals

Thales Cloud Protection & Licensing

The recent DHS Cybersecurity Strategy was released at a crucial time when today’s cyberspace has become a new frontier for warfare for both nation states and criminal hackers. And as we continue to move into an era of digital transformation and interconnectedness, there is increasing concern among organizations and average citizens around the security of sensitive data.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

How San Quentin Inmates Built JOLT, a Search Engine for Prison

WIRED Threat Level

After learning to code from nonprofit The Last Mile, four inmates built JOLT, a search engine to help further their studies.

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Threatpost

Google has rolled out its newest browser version (Chrome 67.0.3396.62) for Windows, Mac and Linux this week with new security fixes and biometric features.

Alexa Mishap Hints at Potential Enterprise Security Risk

Dark Reading

When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.

Risk 66

An Inside Look at OpenStack Security Efforts

eSecurity Planet

OpenStack is a widely used open-source cloud platform, but isn't secure by default. OpenStack experts reveal what is needed to make your cloud secure.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Why Russian Journalist Arkady Babchenko Faked His Own Murder—And What Happens Now

WIRED Threat Level

Russian war correspondent Arkady Babchenko was reported dead Tuesday. On Wednesday, he showed up at a press conference, very much alive.

Hidden Cobra Strikes Again with Custom RAT, SMB Malware

Threatpost

The North Korean-sponsored actors are targeting sensitive and proprietary information, and the malware could disrupt regular operations and disable systems and files.

Malware 47

How to Empower Today's 'cISOs'

Dark Reading

Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.

CISO 62

How to Secure Edge Computing

eSecurity Planet

As cloud computing moves to the edge of the network, organizations will face new security challenges.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

The Bleak State of Federal Government Cybersecurity

WIRED Threat Level

Nearly three out of four federal agencies are unprepared for a cyberattack, and there's no system in place to fix it.

Brazilian Banking Trojan Communicates Via Microsoft SQL Server

Threatpost

Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control (C&C) server.

Banking 45

6 Ways Third Parties Can Trip Up Your Security

Dark Reading

Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems.

GDPR Solutions: Cybersecurity Vendors Offer New Compliance Products

eSecurity Planet

GDPR is here, and cybersecurity vendors are responding with privacy and security compliance solutions.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.