Sat.Dec 16, 2017 - Fri.Dec 22, 2017

Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

This week, I've been writing up my 5-part guide on "Fixing Data Breaches". On Monday I talked about the value of education; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach, namely by collecting a lot less data in the first place, then recognising that it belongs to the person who provided it and treating it with the appropriate respect.

GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability

Schneier on Security

Now this is good news. The UK's National Cyber Security Centre (NCSC) -- part of GCHQ -- found a serious vulnerability in Windows Defender (their anti-virus component). Instead of keeping it secret and all of us vulnerable, it alerted Microsoft. I'd like to believe the US does this, too.

In 'Star Wars: The Last Jedi', the Resistance Keeps Making the Same Tactical Mistake

WIRED Threat Level

The urge to fight one decisive battle has undone countless real-world rebellions—and those in the Star Wars universe as well.

Top 8 Cybersecurity Skills IT Pros Need in 2018

Dark Reading

Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about prevention rather than cure. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed?

Lessons Learned from the Estonian National ID Security Flaw

Schneier on Security

Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be encouraged and promoted. In addition, the update and replacement capacity, both remote and physical, should be increased.

Securing the future of payments – what does 2018 have in store?

Thales Cloud Protection & Licensing

Thanks to heightened consumer confidence, a rise in proximity payments adoption and ongoing developments in biometrics, the payments industry continued to undergo digital transformation throughout 2017. We’re now seeing big data play an increasing role in how retail sales and payments are being tailored to individual consumer’s preferences, and providers are adopting and integrating smarter, more efficient ways of completing the path-to-purchase.

Fixing Data Breaches Part 5: Penalties

Troy Hunt

In the first 4 parts of "Fixing Data Breaches", I highlighted education, data ownership and minimisation, the ease of disclosure and bug bounties as ways of addressing the problem. It was inevitable that we'd eventually end up talking about penalties though, because the fact remains that although all the aforementioned recommendations make perfect sense, we're still faced with data breaches day in and day out from companies just not getting the message.

Details on the Mirai Botnet Authors

Schneier on Security

Brian Krebs has a long article on the Mirai botnet authors, who pled guilty.

Don't Gift an Internet-Connected Toy This Holiday

WIRED Threat Level

They can be hacked. They're a privacy nightmare. This year, it's not too late to keep the IoT toys away from the tree.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Established and emerging technologies to watch out for in 2018

Thales Cloud Protection & Licensing

As 2017 draws to a close, the trends and innovations that will shape the technology industry over the coming weeks, months and years were brought into sharper focus over the course of the last twelve months. Cloud computing has gone mainstream for many enterprises, and the Internet of Things (IoT) is changing how both industrial and consumer-oriented companies do business.

Fixing Data Breaches Part 4: Bug Bounties

Troy Hunt

Over the course of this week, I've been writing about "Fixing Data Breaches", which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I started out by talking about the value of education; let's do a better job of stopping these incidents from occurring in the first place by avoiding well-known coding and configuration flaws.

Microsoft Office Docs New Vessel for Loki Malware

Dark Reading

Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.

Hold North Korea Accountable for WannaCry—and the NSA, Too

WIRED Threat Level

As the US government points the finger at North Korea for the WannaCry ransomware epidemic, it also needs to acknowledge the role of its leaked hacking tools.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Q&A: Cloud Providers and Leaky Servers

Thales Cloud Protection & Licensing

The nonprofit GDI Foundation has tracked close to 175,000 examples of misconfigured software and services on the cloud this year. As more and more organizations are moving to the cloud, the number of leaky servers is increasing. We have seen several AWS data leaks this year – from Booz Allen Hamilton to the WWE – that have left millions of private records exposed.

Cloud Leaks Continue: 123 Million U.S. Households' Personal Information Exposed Online

eSecurity Planet

The information, from data analytics firm Alteryx, was in an Amazon S3 bucket configured to provide any AWS user with access.

Massive Cloud Leak Exposes Alteryx, Experian, US Census Bureau Data

Dark Reading

A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers' financial histories, contact information, and mortgage ownership.

Researchers Made Google's Image Recognition AI Mistake a Rifle For a Helicopter

WIRED Threat Level

To safeguard AI, we’re going to need to solve the problem of ‘adversarial examples.’

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

U.S. Government Blames North Korea for WannaCry

Threatpost

The United States government is officially blaming North Korea for the WannaCry ransomware outbreak in May that infected nearly a quarter-million computers in 150 countries.

2018 IT Security Employment Outlook: Which Security Skills and Certs are Hottest?

eSecurity Planet

The cyber security skills shortage remains unfilled, so security pros can expect good pay and opportunities for the foreseeable future.

'Starwars' Debuts on List of Worst Passwords of 2017

Dark Reading

Many of the old standbys made this year's list of the 25 stolen - and weakest - passwords found dumped online.

Tech Can't Solve the Opioid Crisis on Its Own

WIRED Threat Level

A Health and Human Services hackathon produced smart ideas for the fight against opioid addiction—but can only do so much in the face of a collapsing health care system.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10

Threatpost

Google’s Project Zero team dubs a new WPAD-related attack as an “aPAColypse Now” that allows a local attacker to compromise a targeted and fully patched Windows 10 PC.

While Blaming Companies for Breaches, Consumers Aren't Prioritizing Their Own Security

eSecurity Planet

Just 25 percent of U.S. consumers use two-factor authentication, and just 45 percent use a PIN to protect their mobile device.

Advanced Deception: How It Works & Why Attackers Hate It

Dark Reading

While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.

Facebook Squashes 19-Year-Old Bug, and More Security News This Week

WIRED Threat Level

A Facebook bug, the Kaspersky ban becomes law, and more of the week's top security news.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

User ‘Gross Negligence’ Leaves Hundreds of Lexmark Printers Open to Attack

Threatpost

Researchers warn hundreds of Lexmark printers are vulnerable to a trivial hack thanks to user “gross negligence.”

Lessons Learned from the OPM Breach

eSecurity Planet

VIDEO: Michael Daniel, President of the CTA and former official in the Obama Administration, provides insight into what went wrong at OPM and why encryption isn't enough.

Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence

Dark Reading

CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber attack.

Star Trek: Bridge Crew loses the VR requirement

WIRED Threat Level

The VR action game Star Trek: Bridge Crew just lost its virtual reality requirement, Ubisoft has announced, saying the new non-VR option is arriving as a free update. Bridge Crew lets players experience the Star Trek universe in a virtual ship, taking on a particular role within that ship to help tackle obstacles and otherwise face various in-universe challenges.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.