Sat.Dec 09, 2017 - Fri.Dec 15, 2017

I'm Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

Occasionally, I feel like I'm just handing an organisation more shovels - "here, keep digging, I'm sure this'll work out just fine." The latest such event was with NatWest (a bank in the UK), and it culminated with this tweet from them: I'm sorry you feel this way. I can certainly pass on your concerns and feed this back to the tech team for you Troy?

Tracking People Without GPS

Schneier on Security

Interesting research : The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can determine how fast a person is traveling and what kind of movements they make.

The Wired Guide to Digital Security, From Passwords to Faraday Cages

WIRED Threat Level

In an age of nonstop breaches and hacks, here are ways to improve your online security based on your level of risk, from average user to NSA contractor.

2017 AWS Re:Invent Recap: The evolution of innovation in the cloud

Thales Cloud Protection & Licensing

A couple of weeks ago I attended yet another successful AWS Re:Invent conference. For those of you who don’t already know, AWS Re:Invent is Amazon Web Services’ premier cloud conference for customers, partners, and industry professionals. There was a noticeable increase in attendance at this year’s show, and keynote presentations from AWS’ CEO Andy Jassy and Amazon.com’s VP & CTO Werner Vogels did not disappoint.

Face ID Stinks

Troy Hunt

I've been gradually coming to this conclusion of my own free will, but Phil Schiller's comments last week finally cemented it for me: Face ID stinks. I wrote about the security implementations of Face ID just after it was announced and that piece is still entirely relevant today. To date, we haven't seen practical attacks against it that should worry the masses and the one piece that suggests it's vulnerable has been pretty thoroughly debunked by Dan Goodin at Ars Technica.

Remote Hack of a Boeing 757

Schneier on Security

Last month, the DHS announced that it was able to remotely hack a Boeing 757: "We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration," said Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate. "[Which] means I didn't have anybody touching the airplane, I didn't have an insider threat.

Lazarus Group Targets Bitcoin Company

Dark Reading

The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.

New Pluralsight Play by Play: What You Need to Know About HTTPS Today

Troy Hunt

As many followers know, I run a workshop titled Hack Yourself First where I spend a couple of days with folks running through all sorts of common security issues and, of course, how to fix them. I must have run it 50 times by now so it's a pretty well-known quantity, but there's one module more than any other that changes at a fierce rate - HTTPS. I was thinking about it just now when considering how to approach this post launching the new course because let's face it, I've got a lot of material

Security Planner

Schneier on Security

Security Planner is a custom security advice tool from Citizen Lab. Answer a few questions, and it gives you a few simple things you can do to improve your security. It's not meant to be comprehensive, but instead to give people things they can actually do to immediately improve their security. I don't see it replacing any of the good security guides out there, but instead augmenting them.

MobileCoin: A New Cryptocurrency From Signal Creator Moxie Marlinspike

WIRED Threat Level

MobileCoin aims to make cryptocurrency transactions quick and easy for everyone, while still preserving privacy and decentralization.

Is Your Security Workflow Backwards?

Dark Reading

The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.

Weekly Update 65

Troy Hunt

I actually got a lot of writing done this week! Plus travelled to Sydney and then Melbourne to speak at a couple of events so that's a pretty good week IMHO. What's especially good is that there are no more flights or hotel rooms in 2017 for me! As for this week, there's a bunch of stuff around a new Pluralsight course, my dismay with Face ID and a bit of taking a UK bank to task.

E-Mail Tracking

Schneier on Security

Good article on the history and practice of e-mail tracking: The tech is pretty simple. Tracking clients embed a line of code in the body of an email -- usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device.
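
As an added example (not code from the article or from any tracking vendor), here is a small Python scanner that applies the mechanism described above in reverse: it parses an HTML message, flags remote images that are too small or too hidden to be anything but a beacon, picks out links whose query string carries a per-recipient token, and reports which hosts learn about an open or a click. The sample message is constructed for this example, and the "tiny or hidden" test is a heuristic, not a standard.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample message body for this example (not a real email).
SAMPLE_EMAIL = """<html><body>
<p>Your December statement is ready.</p>
<img src="https://track.example.net/open?uid=a1b2c3&amp;cid=42" width="1" height="1" alt="">
<img src="https://cdn.example.org/logo.png" width="120" height="40" alt="Logo">
<img src="https://track.example.net/beacon.gif" style="display:none;width:0;height:0">
<a href="https://click.example.net/r?uid=a1b2c3&amp;u=https%3A%2F%2Fbank.example.com%2Flogin">View statement</a>
<a href="https://bank.example.com/help">Help</a>
</body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _dim(value):
    """Parse a width/height attribute such as "1", "1px" or "0" into an int, or None."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def looks_like_pixel(attrs: dict) -> bool:
    """A remote image that is tiny or hidden has no display purpose; its only job is the GET."""
    src = attrs.get("src", "")
    if not src.lower().startswith(("http://", "https://")):
        return False  # data: URIs and cid: attachments do not phone home
    w, h = _dim(attrs.get("width")), _dim(attrs.get("height"))
    tiny = w is not None and h is not None and w <= 1 and h <= 1
    hidden = bool(HIDDEN_STYLE.search(attrs.get("style", "")))
    return tiny or hidden


class TrackerFinder(HTMLParser):
    """Collects beacon image URLs and outbound link URLs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.pixels, self.links = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser already unescapes &amp; for us
        if tag == "img" and looks_like_pixel(a):
            self.pixels.append(a["src"])
        elif tag == "a" and a.get("href", "").lower().startswith(("http://", "https://")):
            self.links.append(a["href"])


def describe(url: str) -> dict:
    """Host that receives the request plus the identifiers it is handed in the query string."""
    u = urlparse(url)
    return {"host": u.hostname, "params": {k: v[0] for k, v in parse_qs(u.query).items()}}


def tracking_report(html: str) -> dict:
    """Summarise who learns about an open (pixels) and about a click (tokenised links)."""
    p = TrackerFinder()
    p.feed(html)
    p.close()
    pixels = [describe(s) for s in p.pixels]
    # A link whose query carries a per-recipient token identifies the clicker, not just the campaign.
    tokenised = [d for d in (describe(h) for h in p.links) if d["params"]]
    return {
        "pixels": pixels,
        "tokenised_links": tokenised,
        "tracker_hosts": sorted({d["host"] for d in pixels + tokenised}),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(tracking_report(SAMPLE_EMAIL), indent=2))
```

The practical defence the report points at is to stop the GET from happening: have the mail client block remote images by default (or proxy them through your own fetcher so the sender sees one IP and no per-open timing), and treat links that go through a redirector host carrying a uid-style token as the click-tracking they are.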

What To Do If You've Been Doxed

WIRED Threat Level

If a troll is spilling your personal info across the internet, you have ways to fight back. Eva Galperin, director of cybersecurity at the EFF, shares tips.

BlueBorne Attack Highlights Flaws in Linux, IoT Security

Dark Reading

Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.

Permissions Flaw Found in Azure AD Connect

Threatpost

A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network.

Surveillance inside the Body

Schneier on Security

The FDA has approved a pill with an embedded sensor that can report when it is swallowed. The pill transmits information to a wearable patch, which in turn transmits information to a smartphone.

Exclusive: Tracing ISIS’ Weapons Supply Chain—Back to the US

WIRED Threat Level

The Islamic State is designing and mass-producing its own advanced munitions—with parts from all over the world.

Mobile Device Makers Increasingly Embrace Bug Bounty Programs

Dark Reading

Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.

Triton Malware Targets Industrial Control Systems in Middle East

Threatpost

Malware intended for a “high-impact” attack against safety systems likely would have caused physical damage to a targeted company located in the Middle East.

CASL: A Call for Clarity

Privacy and Cybersecurity Law

Today the Standing Committee on Industry, Science and Technology presented its report on Canada’s Anti-Spam Law (CASL) to the House of Commons, as part of the three-year CASL statutory review. The report title is telling: Canada’s Anti-Spam Legislation: Clarifications are in Order. Having heard 40 witnesses ranging from CRTC counsel and enforcement staff, to small and large businesses and business associations, to consumer protection and privacy experts, the Committee made a strong

Bots and Form Letters Make It Nearly Impossible to Find Real FCC Net Neutrality Comments

WIRED Threat Level

Over seven months, 39 Nicholas Thompsons submitted net neutrality comments to the FCC. We tried to track each of them down.

2 Million Fake Net Neutrality Comments Stole American Identities

Dark Reading

New York Attorney General Eric Schneiderman updates the investigation into fake content submitted during the net neutrality comment process.

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

Threatpost

New research, dubbed ROBOT (Return Of Bleichenbacher's Oracle Threat), shows that a 19-year-old padding-oracle weakness in RSA key exchange can still be exploited against modern TLS implementations: an adaptive chosen-ciphertext attack that asks the server only whether a forged ciphertext is "well padded" reveals the plaintext (the premaster secret) of a given TLS session.
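
To make concrete what "adaptive chosen-ciphertext attack" means here, the following is an added toy implementation of Bleichenbacher's 1998 attack, written for this page and not taken from the Threatpost article or from the ROBOT researchers' tooling. The simulated server is a Python object that decrypts a ciphertext and answers only one bit, whether the result starts with the PKCS#1 v1.5 bytes 00 02 (the strongest oracle variant; real servers leak the same bit through differing alerts or timing). Assumptions: a 63-bit RSA modulus built from two well-known primes so the attack finishes in seconds, and a padding string shortened below the standard minimum of 8 bytes so a message fits in 8 bytes; neither changes the algorithm.

```python
"""Toy Bleichenbacher (1998) adaptive chosen-ciphertext attack on a PKCS#1 v1.5 padding oracle."""
import random

# Toy RSA key (example only): two well-known primes give a 63-bit modulus, so the
# attack runs in seconds. Real keys are 2048+ bits; the algorithm is unchanged.
P = 2 ** 31 - 1          # Mersenne prime M31
Q = 2 ** 32 - 5          # largest prime below 2^32
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8   # modulus length in bytes (8 here)
B = 2 ** (8 * (K - 2))          # PKCS#1 v1.5: conforming plaintexts lie in [2B, 3B)


def pkcs1_pad(data: bytes, rng: random.Random) -> int:
    """00 02 <nonzero padding> 00 <data>. Real padding is >= 8 bytes; the toy key forces it shorter."""
    ps = bytes(rng.randrange(1, 256) for _ in range(K - 3 - len(data)))
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + data, "big")


def pkcs1_unpad(m: int) -> bytes:
    raw = m.to_bytes(K, "big")
    return raw[raw.index(b"\x00", 2) + 1:]


class PaddingOracle:
    """Models a server that reveals only whether the decrypted block starts with 00 02.
    It never returns plaintext; the attacker learns everything from this one bit."""

    def __init__(self):
        self.queries = 0

    def __call__(self, c: int) -> bool:
        self.queries += 1
        return 2 * B <= pow(c, D, N) < 3 * B


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def narrow(M, s):
    """Step 3: intersect every candidate interval with the constraint 2B <= m*s - r*N < 3B."""
    new = set()
    for a, b in M:
        for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
            lo = max(a, ceil_div(2 * B + r * N, s))
            hi = min(b, (3 * B - 1 + r * N) // s)
            if lo <= hi:
                new.add((lo, hi))
    return sorted(new)


def bleichenbacher(c0: int, oracle) -> int:
    """Recover m = c0^d mod N using only yes/no padding answers (Bleichenbacher steps 2-4)."""
    conforming = lambda s: oracle(c0 * pow(s, E, N) % N)   # submits c0 * s^e, i.e. m*s under the hood
    M = [(2 * B, 3 * B - 1)]           # step 1 skipped: c0 itself is conforming (s0 = 1)
    s = ceil_div(N, 3 * B)             # step 2a: smallest s that can possibly wrap past N
    while not conforming(s):
        s += 1
    while True:
        M = narrow(M, s)
        if not M:
            raise RuntimeError("oracle answers are inconsistent")
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0]             # step 4: one candidate left, that is the plaintext
        if len(M) > 1:                 # step 2b: several intervals left, keep scanning s upward
            s += 1
            while not conforming(s):
                s += 1
        else:                          # step 2c: one interval, roughly halve it per iteration
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), N)
            while True:
                lo, hi = ceil_div(2 * B + r * N, b), (3 * B - 1 + r * N) // a
                hit = next((cand for cand in range(lo, hi + 1) if conforming(cand)), None)
                if hit is not None:
                    s = hit
                    break
                r += 1


def demo(secret: bytes = b"ok", seed: int = 2017):
    """Encrypt `secret`, then recover it from the oracle alone. Returns (plaintext, query count)."""
    m = pkcs1_pad(secret, random.Random(seed))   # seeded so the run is reproducible
    c = pow(m, E, N)
    oracle = PaddingOracle()
    recovered = bleichenbacher(c, oracle)
    return pkcs1_unpad(recovered), oracle.queries


if __name__ == "__main__":
    pt, q = demo()
    print(f"recovered {pt!r} after {q} oracle queries")
```

The thing to notice is that the oracle never decrypts anything for the attacker; every query is a freshly blinded multiple of the captured ciphertext, and the plaintext falls out of tens of thousands of yes/no answers. That is why the fix is not "return a better error" but "return no distinguishable signal at all" (the constant-time handling TLS 1.2 already specifies) or, better, to stop offering RSA key exchange and use (EC)DHE suites, which ROBOT cannot touch.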

NIST Releases Draft Update To Cybersecurity Framework

Privacy and Cybersecurity Law

In 2014, the National Institute of Standards and Technology (NIST) released its first version of the Framework for Improving Critical […].

How to Encrypt All of the Things, From Chats to Calls and More

WIRED Threat Level

Want to keep outsiders from listening in on your chats, phone calls, and more? Encrypt them. All of them.

Is a Good Offense the Best Defense Against Hackers?

Dark Reading

A proposed new law could make it legal for companies to hack back against attackers. But will it work?

New Spider Ransomware Comes With 96-Hour Deadline

Threatpost

A ransomware campaign targeting the Balkans comes with a 96-hour deadline and includes a link to a video that assures victims payments can be made easily.

Smartphone Security 101: Key Steps From PINs to Permissions

WIRED Threat Level

Keep your device safe from snoops with basic precautions like setting the right PIN and vetting your app permissions.
