Sat.Jan 27, 2018 - Fri.Feb 02, 2018

I'm Teaming Up with Scott Helme to Run "Hack Yourself First" Workshops in Europe

Troy Hunt

This is probably the most self-explanatory blog post title I've ever written! But be that as it may, it deserves some explanation as to how I've arrived at this point and, like many great ideas, it began over some beers. I've just arrived home to the Gold Coast in Australia, which I frequently describe to people as "the sunny part of the sunny country". I'm literally sitting on a beach writing this blog post and frankly, I'd like to spend more time here.

Locating Secret Military Bases via Fitness Data

Schneier on Security

In November, the company Strava released an anonymous data-visualization map showing all the fitness activity by everyone using the app. Over this weekend, someone realized that it could be used to locate secret military bases: just look for repeated fitness activity in the middle of nowhere. News article.

Securing Data in the Digital Transformation Era

Thales Cloud Protection & Licensing

Data breaches are the new normal. According to our 2018 Global Data Threat Report, 67% of enterprises have been breached, with that percentage growing every year. Regardless of the security measures and efforts put in place, organizations need to act as if a successful cyberattack is not a question of “if” but “when.” As organizations continue to embrace digital transformation, greater amounts of sensitive data are created, stored and transferred in digital form, putting more data at risk.

If Robert Mueller Is Fired, the Russia Probe Could Continue

WIRED Threat Level

The special counsel is under attack, but if Robert Mueller gets fired, the investigation into Trump’s Russia ties and obstruction of justice could keep going.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

My Blog Now Has a Content Security Policy - Here's How I've Done It

Troy Hunt

I've long been a proponent of Content Security Policies (CSPs). I've used them to fix mixed content warnings on this blog after Disqus made a little mistake, you'll see one adorning Have I Been Pwned (HIBP) and I even wrote a dedicated Pluralsight course on browser security headers. I'm a fan (which is why I also recently joined Report URI), and if you're running a website, you should be too.

Estimating the Cost of Internet Insecurity

Schneier on Security

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples": Abstract: There is marked variability from study to study in the estimated direct and systemic costs of cyber incidents, which is further complicated by the considerable variation in cyber risk in differe

Strava Data Heat Maps Expose Military Base Locations Around the World

WIRED Threat Level

The US military is reexamining security policies after fitness tracker data shared on social media revealed bases and patrol routes.

Weekly Update 71 (Denmark Edition)

Troy Hunt

I'm in Denmark! Well, I'm just in Denmark, I'm about to head out the hotel door and into 30 hours of travel, which isn't exactly fun, but that's the nature of living on the other side of the world to pretty much everything. This week's update is a little late as my Friday was absolutely non-stop in Denmark. I talk about that below, including the preceding days involving some pretty full-on sledding in Norway, workshops, talks, ice, slush and snow.

Signed Malware

Schneier on Security

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's more, it predated Stuxnet, with the first known instance occurring in 2003.

Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers

Dark Reading

For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

The Devin Nunes Memo: Reading Between the Lines

WIRED Threat Level

The Devin Nunes memo that purports to show improper surveillance practices is out—and national security experts say it falls far short of the hype.

Weekly Update 72

Troy Hunt

I'm home! It's nice being home. This week I start by getting a couple of things off my chest, namely some pretty wacky reactions to my suggesting that we're never going to see a coders' Hippocratic oath and how I feel when media outlets say "the dark web". Plus, I've got news around running workshops in Europe with Scott Helme and me finally getting a content security policy on this blog.

Subway Elevators and Movie-Plot Threats

Schneier on Security

Local residents are opposing adding an elevator to a subway station because terrorists might use it to detonate a bomb. No, really. There's no actual threat analysis, only fear: "The idea that people can then ride in on the subway with a bomb or whatever and come straight up in an elevator is awful to me," said Claudia Ward, who lives in 15 Broad Street and was among a group of neighbors who denounced the plan at a recent meeting of the local community board.

Your Journey Starts Here

Kali Linux

“Whether you’re new to the fight, or a seasoned pro, don’t stop training…” This statement, like the video that introduced it, has real punch. We did this on purpose to get you fired up, excited about your training, and to kickstart your journey. If it worked, and you’re in the fight, welcome aboard! If you haven’t jumped in for whatever reason, we want to introduce you to the plethora of resources we’ve made available to help you master Kali Linux.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

'Jackpotting' ATM Hack Comes to the United States

WIRED Threat Level

The "jackpotting" ATM attack drained tens of millions of dollars worldwide before landing in the United States.

Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks

Threatpost

ATM maker NCR Corp. is warning that cyber criminals are hacking U.S. cash machines with malware that can drain machines dry of cash.

Jackpotting Attacks Against US ATMs

Schneier on Security

Brian Krebs is reporting sophisticated jackpotting attacks against US ATMs. The attacker gains physical access to the ATM, plants malware using specialized electronics, and then later returns and forces the machine to dispense all the cash it has inside. The Secret Service alert explains that the attackers typically use an endoscope -- a slender, flexible instrument traditionally used in medicine to give physicians a look inside the human body -- to locate the internal portion of the cash machin

Lazarus Group, Fancy Bear Most Active Threat Groups in 2017

Dark Reading

Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were the most referenced threat actor groups in last year's cyberattacks.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Chrome Extension Malware Has Evolved

WIRED Threat Level

While helpful and creative, Chrome extensions have also become a new playground for hackers intent on stealing your data.

Google Booted 700,000 Bad Apps From Its Marketplace in 2017

Threatpost

In 2017 Google removed apps that violated the Google Play policies because they were malicious, purposely copied a more popular app or served up inappropriate content.

Fine-tuning Firewall Rules: 10 Best Practices

eSecurity Planet

Fine-tuning firewall rules is a critical and often overlooked IT security practice that can minimize network breaches while maximizing performance.

Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises

Dark Reading

Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Winter Olympic Cyberattacks Have Already Started—and May Not Be Over

WIRED Threat Level

Two state-sponsored hacking operations are plaguing Pyeongchang, with murky motivations and no clear endgame.

Adobe Flash Player Zero-Day Spotted in the Wild

Threatpost

A zero-day exploit targeting Adobe Flash Players has been reported by the South Korean Computer Emergency Response Team and confirmed by Adobe.

Secure Your Device From Ransomware and Malware

Spinone

Today, mobile devices, mostly tablets and smartphones, are spreading rapidly and becoming an integral part of our daily lives. Users increasingly store their personal data on devices that they practically never let out of their hands. That is practical and useful, but at the same time it gives rise to new problems: easily accessible valuable information increases the risk of online threats.

3 Ways Hackers Steal Your Company's Mobile Data

Dark Reading

The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

Cryptocurrency Scams Like Prodeum Are Just Straight-Up Trolling at This Point

WIRED Threat Level

US regulators and Facebook are finally coming for bogus ICOs.

Cisco Patches Critical VPN Vulnerability

Threatpost

Cisco Systems released a patch Monday to fix a critical security vulnerability, with a CVSS rating of 10, in its Secure Sockets Layer VPN solution called Adaptive Security Appliance.

Israeli Scientists Accidentally Reveal Classified Information

Schneier on Security

According to this story (non-paywall English version here), Israeli scientists released some information to the public they shouldn't have. Defense establishment officials are now trying to erase any trace of the secret information from the web, but they have run into difficulties because the information was copied and is found on a number of platforms.

An Action Plan to Fill the Information Security Workforce Gap

Dark Reading

Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.