Schneier on Security

JULY 30, 2018

Interesting research: " You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information ," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive.

Media 277

Media Accountability 277

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Authentication 228

Authentication Mobile Passwords Accountability 228

The Last Watchdog

AUGUST 3, 2018

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Data breaches 213

Data breaches Cryptocurrency Ransomware Passwords 213

Troy Hunt

JULY 31, 2018

So that little project Scott Helme and I took on - WhyNoHTTPS.com - seems to have garnered quite a bit of attention. We had about 81k visitors drop by on the first day and for the most part, the feedback has been overwhelmingly positive. Most people have said it's great to have the data surfaced publicly and they've used that list to put some pressure on sites to up their game.

Accountability 167

Accountability Insurance Banking Media 167

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

AUGUST 3, 2018

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.

Engineering 276

Engineering 276

Krebs on Security

AUGUST 3, 2018

TCM Bank , a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.

Banking 204

Banking Data breaches Identity Theft Retail 204

Troy Hunt

AUGUST 2, 2018

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: BBQ time ?? pic.twitter.com/yq5hXOGABt — Troy Hunt (@troyhunt) August 3, 2018. References. Fashion Nexus suffered a data breach ("Is there an official statement?

Data breaches 133

Data breaches Passwords 133

Schneier on Security

AUGUST 1, 2018

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year.

275

275

WIRED Threat Level

JULY 29, 2018

Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.

Internet 112

Internet Internet 112

The Last Watchdog

AUGUST 2, 2018

The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying pr

Internet 160

Internet Internet Cybersecurity Education 160

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Dark Reading

JULY 31, 2018

The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar - yet.

Cybersecurity 111

Cybersecurity 111

Schneier on Security

AUGUST 1, 2018

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.

Big data 260

Big data Encryption Authentication IoT 260

Adam Levin

AUGUST 3, 2018

One of the world’s largest websites has announced a security compromise. Reddit, the self-proclaimed “front page of the Internet,” announced a security breach that occurred over a three-day period in June. What Happened. The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords.

Authentication 100

Authentication Hacking Passwords Internet 100

The Last Watchdog

JULY 30, 2018

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

CISO 140

CISO Cyber Attacks Data collection Cybersecurity 140

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Adam Shostack

JULY 31, 2018

I’m honored to have my threat modeling book on this short list with Daniel Kahneman, Tony Hsieh, Nicole Forsgren, and Tom DeMarco: “ Summer Reading List: Top Recommendations from our Engineers.

Engineering 100

Engineering 100

Schneier on Security

JULY 30, 2018

Good policy paper (summary here ) on the threats, current state, and potential policy solutions for the poor security of US space systems.

Cybersecurity 243

Cybersecurity 243

Security Affairs

AUGUST 1, 2018

Google recently removed 145 applications from the official Google Play store because they were found to carry malicious Windows executables inside. Researchers from Palo Alto Networks revealed that Google removed more than 145 apps from the Play store because they were carrying a Windows malware, The apps were uploaded to the Google Play store between October and November 2017, this means that for months Android users were exposed to the attack.

Malware 98

Malware Software Advertising Passwords 98

WIRED Threat Level

AUGUST 1, 2018

The Justice Department announced the arrest of three members of notorious cybercrime group Fin7—and detailed some of their methods in the process.

Cybercrime 78

Cybercrime Hacking 78

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Adam Shostack

JULY 30, 2018

Cybersecurity 2.0 is a new promo from Humble Bundle. Nearly $800 worth of books, including my Threat Modeling, Schneier’s Secrets and Lies, and a whole lot more!

Cybersecurity 100

Cybersecurity 100

Schneier on Security

AUGUST 2, 2018

Evidence that stolen credit cards are being used to purchase items in games like Clash of Clans, which are then resold for cash.

229

229

Security Affairs

JULY 31, 2018

The security experts from Sophos have published a report on the multimillion-dollar black market business for crooks, they analyzed the SamSam ransomware case as a case study. The researchers that have tracked Bitcoin addresses managed by the crime gang discovered that crooks behind the SamSam ransomware had extorted nearly $6 million from the victims since December 2015 when it appeared in the threat landscape. “SamSam has earned its creator(s) more than US$5.9 Million since late 2015. 74

Ransomware 81

Ransomware Advertising Marketing Encryption 81

WIRED Threat Level

JULY 31, 2018

The company removed 32 pages and accounts from Facebook and Instagram for “coordinated inauthentic behavior.”.

Accountability 75

Accountability 75

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Dark Reading

AUGUST 1, 2018

An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.

Data breaches 68

Data breaches Passwords 68

Schneier on Security

JULY 31, 2018

The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone?

Hacking 180

Hacking Surveillance 180

Security Affairs

AUGUST 1, 2018

Reddit Warns Users of Data Breach. Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.

Data breaches 80

Data breaches Backups Passwords Authentication 80

WIRED Threat Level

JULY 31, 2018

After five years, US lawmakers and law enforcement are starting to fight back against 3-D printed firearms and "ghost guns.".

75

75

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Dark Reading

AUGUST 1, 2018

HackNotice leverages a database of 20,000 hacks to alert users when a site they visit has been compromised.

Hacking 65

Hacking 65

Schneier on Security

AUGUST 3, 2018

Interesting commentary : The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. It is possible the military needs a cyber corps in the future, but by accelerating promotions, offering graduate school to newly commissioned officers, easing limited lateral entry for exceptional private-sector talent, and shortening

Hacking 153

Hacking Cybersecurity 153

Security Affairs

JULY 30, 2018

ICO platforms are becoming a privileged target for hackers, the last victim in order of time is KickICO, a Blockchain crowdfunding website for ICO. On Friday, KickICO disclosed a security breach, according to the platform attackers accessed to its wallets and stole over 70 million KICK tokens (roughly $7.7 million at the time). The incident occurred on July 26, at 09:04 UTC, KickICO CEO Anti Danilevski explained that its staff learned of the security breach from victims who complained to it. 

Advertising 76

Advertising Data breaches Marketing Hacking 76

WIRED Threat Level

AUGUST 2, 2018

The Democratic National Committee will award $500 to the child who comes up with the best defensive strategy for state election websites at Def Con next week.

73

73

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!