Troy Hunt

JULY 12, 2018

It was Jan last year that I suggested HTTPS adoption had passed the "tipping point" , that is it had passed the moment of critical mass and as I said at the time, "will very shortly become the norm" Since that time, the percentage of web pages loaded over a secure connection has rocketed from 52% to 71% whilst the proportion of the world's top 1 million websites redirecting people to HTTPS has gone from 20% to about half (projected).

DNS 276

DNS Wireless Risk Banking 276

Schneier on Security

JULY 13, 2018

This is weird : Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers. The theft, reported by Fox 2 Detroit , took place at around 1pm local time on June 23 at a Marathon gas station located about 15 minutes from downtown Detroit.

Hacking 167

Hacking Cybercrime 167

Krebs on Security

JULY 11, 2018

Score one for the good guys: Bitcanal , a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company’s bandwidth providers chose to sever ties with the company. Spammers and Internet service providers (ISPs) that facilitate such activity often hijack Internet address ranges that have gone unused for periods of time.

Internet 141

Internet Internet Advertising 141

The Last Watchdog

JULY 13, 2018

There’s a new breed of identity thief at work plundering consumers and companies. However, these fraudsters don’t really care about snatching up your credentials or mine. By now, your personal information and mine has been hacked multiple times and is readily on sale in the Dark Web. This has long been true of the vast majority of Americans. Related article: 7 hacks signaling a coming global cyber war.

Digital transformation 133

Digital transformation Media Hacking Internet 133

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

JULY 13, 2018

Not only has this been a super busy blogging week, it's also the week my coffee machine decided to die ?? It's not terminal, it's just continually leaking so it's off for a service and I have to fuel my productivity through other means. But fuel it I did and I spent a big whack of the week doing things I hope to talk about next week (namely some major architectural changes to HIBP services), as well as preparing both the Pemiblanc credential stuffing list for HIBP and then pushing out Pwned Pass

Passwords 114

Passwords Architecture Data breaches Phishing 114

Schneier on Security

JULY 10, 2018

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we humans routinely leave thermal residues on various objects with which we come in contact.

Passwords 139

Passwords 139

The Last Watchdog

JULY 12, 2018

The discovery of sensitive U.S. military information for sale on the Dark Web for a nominal sum, in and of itself, is unfortunate and unremarkable. However, details of the underlying hack , ferreted out and shared by researchers of the Insikt Group, an arm of the security research firm Recorded Future, are most welcomed. They help frame wider questions, and pave the way for improved best practices.

Internet 105

Internet Internet Government Technology 105

Adam Levin

JULY 9, 2018

Timehop, an app for archiving social media activities, was breached on July 4. The breach compromised data for 21 million users from the company’s cloud environment including names, email addresses, and the phone numbers for roughly a quarter of them. In an email to their users, Timehop stated: “The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service.

Data breaches 100

Data breaches Media Cyber Attacks 100

Schneier on Security

JULY 9, 2018

Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the system -- and can be used to modify the properties of windows running in the same session. This can be used to inject code and drop files while also hiding the fact it has happened, making it a useful, stealthy attack.

Malware 124

Malware Passwords 124

Adam Shostack

JULY 12, 2018

So this week’s threat model Thursday is simply two requests: What would you like to see in the series? What would you like me to cover in my Blackhat talk, “ Threat Modeling in 2018 ?” “Attacks always get better, and that means your threat modeling needs to evolve. This talk looks at what’s new and important in threat modeling, organizes it into a simple conceptual framework, and makes it actionable.

Media 100

Media Engineering 100

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Last Watchdog

JULY 11, 2018

We’re undergoing digital transformation , ladies and gentlemen. And we’re in a nascent phase where clever advances are blossoming even as unprecedented data breaches arise in parallel. The latest example of this dichotomy comes from Timehop, a service that enables social media users to plug into their past. On Sunday, Timehop shared details about how a hacker got into their network, conducted several reconnaissance forays, and then moved swiftly on July 4th to pilfer personal information for 21

Digital transformation 103

Digital transformation Firewall Mobile Media 103

WIRED Threat Level

JULY 10, 2018

Mail.ru also ran hundreds of apps on Facebook at a time when the platform’s policies allowed app developers to collect their users' friends' data.

Internet 111

Internet Internet 111

Thales Cloud Protection & Licensing

JULY 9, 2018

The digital transformation has changed how the world does business. It has created whole new enterprises and industries, but it has also left many organizations vulnerable to new and destructive threats. Digital transformation can and does deliver increased efficiencies, improved decision-making, lower costs, improved reach, and higher profits. But it also frequently relies on increasing amounts of personal and other sensitive data.

Digital transformation 75

Digital transformation Financial Services Healthcare Encryption 75

Adam Shostack

JULY 9, 2018

[Update: clarified a sentence about whose privacy is touched, and where.]. I had missed the story “ Big Brother on wheels: Why your car company may know more about you than your spouse. ” There are surprising details, including that you might be able to shut it off, and the phrase “If a customer declines, we do not collect any data from the vehicle.

Technology 100

Technology Personal Security Surveillance 100

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

JULY 11, 2018

Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.

74

74

WIRED Threat Level

JULY 10, 2018

Cody Wilson makes digital files that let anyone 3-D print untraceable guns. The government tried to stop him. He sued—and won.

Government 111

Government 111

Thales Cloud Protection & Licensing

JULY 12, 2018

The Internet of Things (IoT) is very crowded. Connected devices outnumber people. The United Nations estimates the current world population at 7.6 billion 1 , and Gartner projects over 20.8 billion devices will be connected to the Internet by 2020 2. Connected things are what make the IoT – sensors, cameras, wearable electronics, medical devices, automatic controls.

IoT 72

IoT Data collection Encryption eCommerce 72

Adam Shostack

JULY 13, 2018

Oddly, I am unable to find this on Etsy. Perhaps the Disney Corporation, new owners of Star Wars, doesn’t like mousetraps?

100

100

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

JULY 12, 2018

Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura - and a new baby food business venture with his wife and famed chef, Kathy Fang.

61

61

WIRED Threat Level

JULY 9, 2018

There haven't been as many hacks and attacks compared to this time last year, but that's where the good news ends.

Cybersecurity 110

Cybersecurity Hacking 110

Thales Cloud Protection & Licensing

JULY 11, 2018

Whether offering instant access to patient records, allowing remote diagnosis of treatment, or giving access to lifestyle management and monitoring apps, it’s undeniable that the Internet of Things (IoT) and connected services are revolutionising the healthcare industry. Working to improve operational efficiencies and deliver a greater level of care, the now-dubbed ‘Connected Health’ market has grown to such an extent recently that it is expected to be worth more than £450 billion by 2024.

Technology 72

Technology Healthcare IoT Encryption 72

Kali Linux

JULY 9, 2018

We have covered how to create secure “throw-away hack boxes” using the Raspberry Pi before , but we thought it was time to go back and take a look at the process again. With all the new Raspberry Pi models and Kali changes from when we last covered this, we found the old process was in need of some updating. As a review, what we are trying to accomplish is to create a standalone “leave behind” device that, when discovered, does not make it easy to figure out what you were

Backups 52

Backups Encryption Wireless Passwords 52

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

JULY 11, 2018

The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.

Data breaches 72

Data breaches 72

WIRED Threat Level

JULY 10, 2018

The bug serves as a reminder of China-friendly censorship code hidden in all iOS devices.

106

106

Thales Cloud Protection & Licensing

JULY 13, 2018

We have come a long way since the GPS watch. Now cities like Barcelona use sensors to monitor everything from noise pollution to waste management. We are on the brink of smart cities, smart clothing, smart farming, house automation and even the IoMT (Internet of Medical Things), which promises to radically improve healthcare. We live in the digital era of hyperconnectivity.

IoT 48

IoT Encryption Authentication Internet 48

Threatpost

JULY 12, 2018

The thief also had a second dataset, including the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course and documentation on improvised explosive device (IED) mitigation tactics.

Hacking 47

Hacking 47

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Dark Reading

JULY 10, 2018

Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.

Hacking 62

Hacking Software 62

WIRED Threat Level

JULY 8, 2018

From hacking protections to smarter two-factor authentication, Apple's iOS 12 will lock down your iPhone better than ever.

Authentication 89

Authentication Hacking 89

eSecurity Planet

JULY 10, 2018

VIDEO: Dirk Hohndel, VP and Chief Open-Source Officer at VMware, talks about how dev security should be done, whether the code is open source or proprietary.

50

50

Threatpost

JULY 9, 2018

InfoSec Insider Chris Eng tackles how companies can bring bridge the divide between software developers and cybersecurity teams to bring to market reliable and secure applications.

InfoSec 46

InfoSec Cybersecurity Marketing Software 46

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk