Sat, Apr 14, 2018 - Fri, Apr 20, 2018

Social Media Thread-Hijacking is Nothing More Than Targeted Spam

Troy Hunt

I have a vehement dislike of spam. Right there, that's something you and I have in common because I'm yet to meet a person who says "well actually, I find those Viagra emails I receive every day kinda useful". We get bombarded by spam on a daily basis and quite rightly, people get kinda cranky when they have to deal with it; it's an unwanted invasion that takes a little slice of unnecessary mental processing each time we see it.

The DMCA and its Chilling Effects on Research

Schneier on Security

The Center for Democracy and Technology has a good summary of the current state of the DMCA's chilling effects on security research. To underline the nature of chilling effects on hacking and security research, CDT has worked to describe how tinkerers, hackers, and security researchers of all types both contribute to a baseline level of security in our digital environment and, in turn, are shaped themselves by this environment, most notably when things they do upset others and result in threats,

The Teens Who Hacked Microsoft's Videogame Empire—And Went Too Far

WIRED Threat Level

Among those involved in David Pokora's so-called Xbox Underground, one would become an informant, one would become a fugitive, and one would end up dead.

8 Ways Hackers Monetize Stolen Data

Dark Reading

Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Is Enumerating Resources on a Website "Hacking"?

Troy Hunt

I saw a story pop up this week which made a bunch of headlines and upon sharing it, also sparked some vigorous debate. It all had to do with a 19-year-old bloke in Canada downloading some publicly accessible documents which, as it later turned out, shouldn't have been publicly accessible. Let's start with this video as it pretty succinctly explains the issue in consumer-friendly terms: VIDEO: Nova Scotia's government is accusing a 19-year-old of breaching their government website's secur

Lifting a Fingerprint from a Photo

Schneier on Security

Police in the UK were able to read a fingerprint from a photo of a hand: Staff from the unit's specialist imaging team were able to enhance a picture of a hand holding a number of tablets, which was taken from a mobile phone, before fingerprint experts were able to positively identify that the hand was that of Elliott Morris. [...] Speaking about the pioneering techniques used in the case, Dave Thomas, forensic operations manager at the Scientific Support Unit, added: "Specialist staff within th

How to successfully harness AI to combat fraud and abuse

Elie

While machine learning is integral to innumerable anti-abuse systems including spam and phishing detection, the road to reap its benefits is paved with numerous abuse-specific challenges. Drawing from concrete examples, this session will discuss how these challenges are addressed at Google and provide a roadmap to anyone interested in applying machine learning to fraud and abuse problems.

New Pluralsight Course: Modern Web Security Patterns

Troy Hunt

I was chatting to some folks at a bank just the other day about a bunch of modern web security standards. Whilst this blog post is about a Pluralsight course I created with Lars Klint, it only really hit me during that bank conversation just how much there is to take onboard when it comes to securing things in the browser today. Let me paraphrase: Bank: We're thinking of using SRI to protect against malicious modification of scripts we load in from a partner.

Hijacking Emergency Sirens

Schneier on Security

Turns out it's easy to hijack emergency sirens with a radio transmitter.

How Russian Facebook Ads Divided and Targeted US Voters Before the 2016 Election

WIRED Threat Level

New research shows just how prevalent political advertising was from suspicious groups in 2016—including Russian trolls.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Weekly Update 83

Troy Hunt

I'm home! Home is good. My travel stats for this year - not so good. As I say in the video, I need to fix this so at this stage, I'm saying "no" to pretty much everything in the second half of the year that involves international travel and I'll just do the exceptionally awesome stuff. But be that as it may, there's a bunch of other stuff to talk about this week including 3 new blog posts.

Cybercrime Economy Generates $1.5 Trillion a Year

Dark Reading

Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit'.

The Security Risks of Login With Facebook

WIRED Threat Level

New research from Princeton University exposes vulnerabilities in the social network's universal login API.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

A RESTful API Delivers Flexibility for Vormetric Application Encryption

Thales Cloud Protection & Licensing

Security Application Key Management. One of the long standing challenges with security applications that involve data encryption has been key management. Where to get good keys? Where to store keys safely? With Thales eSecurity’s Vormetric Application Encryption (VAE) we’ve solved these problems by providing a PKCS #11 library and a connection to the Vormetric Data Security Manager (DSM), which both creates and stores encryption keys in a FIPS 140-2 compliant system.

Finding Packages for Kali Linux

Kali Linux

In an earlier post, we covered Package Management in Kali Linux. With the ease of installation that APT provides, we have the choice amongst tens of thousands of packages but the downside is, we have tens of thousands of packages. Finding out what packages are available and finding the one(s) we want can be a daunting task, particularly for newcomers to Linux.

First Public Demo of Data Breach via IoT Hack Comes to RSAC

Dark Reading

At RSA Conference, Senrio researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.

How DNA Transfer Nearly Convicted an Innocent Man of Murder

WIRED Threat Level

We leave traces of our genetic material everywhere, even on things we’ve never touched. That got Lukis Anderson charged with a brutal crime he didn’t commit.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Why AI is the key to robust anti-abuse defenses

Elie

This post explains why artificial intelligence (AI) is the key to building anti-abuse defenses that keep up with user expectations and combat increasingly sophisticated attacks. This is the first post of a series of four posts dedicated to providing a concise overview of how to harness AI to build robust anti-abuse protections.

Kicking Off RSA: Thales eSecurity Celebrates Its Partners and Customers

Thales Cloud Protection & Licensing

The 2018 RSA Conference officially kicked off with a welcome reception on Monday evening. Following a couple hours spent milling around the exhibits, speaking with industry cohorts, and giving the Thales Escape Room a go (along with other RSA attendees), the Thales eSecurity team headed over to Jillian’s San Francisco for the company’s yearly RSA customer and partner appreciation happy hour.

iOS Sync Glitch Lets Attackers Control Devices

Threatpost

Researchers found a new iOS vulnerability called “trustjacking,” which exploits a feature called iTunes Wi-Fi Sync to give attackers persistent control over victims' devices.

Pornhub Will Now Accept Verge Cryptocurrency

WIRED Threat Level

By accepting Verge, Pornhub could help make cryptocurrency transactions in general more mainstream.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How To Choose an Advanced Endpoint Protection Vendor

eSecurity Planet

[VIDEO] Jason Brvenik, Chief Technology Officer at NSS Labs, details the best practises he recommends as his company releases its 2018 Advanced Endpoint Protection Group Test Results at RSA Conference 2018.

Should CISOs Be Hackers?

Dark Reading

Justin Calmus, Chief Security Officer at OneLogin, believes that cybersecurity professionals - including CISOs and other security team leaders - can be much more effective at their jobs if they stay actively engaged with hacking communities that keep them on their toes and give them deep insight into attack trends.

Use of ‘StegWare’ Increases in Stealth Malware Attacks

Threatpost

Researchers are warning malware payloads can bypass traditional AV protection when delivered buried inside images, documents or even just a pixel.

Inside the Unnerving CCleaner Supply Chain Attack

WIRED Threat Level

CCleaner owner Avast is sharing more details on the malware attackers used to infect legitimate software updates with malware.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

You Can Have Security or You Can Have Speed: RSA Cryptographers' Panel

eSecurity Planet

The RSA Conference 2018 Cryptographers' panel was not particularly optimistic about blockchain or the state of modern cyber security.

Trust: The Secret Ingredient to DevSecOps Success

Dark Reading

Security practitioners must build trusted relationships with developers and within cross-functional DevOps teams to get themselves embedded into continuous software delivery processes.

Nate Cardozo, Attorney with EFF Talks Encryption at RSA Conference 2018

Threatpost

Threatpost talks to crypto expert Nate Cardozo, senior staff attorney with the Electronic Frontier Foundation, at RSA Conference 2018 about the U.S. government's current position on device encryption and law enforcement's use of the iPhone passcode cracker called GreyKey.

Why Police Should Monitor Social Media to Prevent Crime

WIRED Threat Level

Opinion: Citizens may object to their social media posts being mined by law enforcement, but the practice can keep the public safe.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.