Sat. Nov 18, 2017 - Fri. Nov 24, 2017

I'm Testifying in Front of Congress in Washington DC about Data Breaches - What Should I Say?

Troy Hunt

There's a title I never expected to write! But it's exactly what it sounds like and on Thursday next week, I'll be up in front of US congress on the other side of the world testifying about the impact of data breaches. It's an amazing opportunity to influence decision makers at the highest levels of government and frankly, I don't want to stuff it up which is why I'm asking the question - what should I say?

Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

Schneier on Security

The security researchers at Princeton are posting. You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers.

Intel Management Engine Flaws Leave Millions of PCs Exposed

WIRED Threat Level

Security experts have warned of Intel's Management Engine for years. A new set of confirmed vulnerabilities that impact PCs, servers, and IoT devices shows they may have been right.

‘Tis the season for proliferating payment options…and risk

Thales Cloud Protection & Licensing

It’s hard to believe that the holiday season is already upon us with both the biggest online and offline shopping events just around the corner. The one-two punch of Black Friday and Cyber Monday are the highest volume shopping days of the year and finding the best deals can be a hobby in itself. In 2016, 108.5 million Americans shopped online over the long weekend.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Weekly Update 62 (Rockhampton Edition)

Troy Hunt

This is going to be a couple of weeks of polar opposite updates: This week I'm in Rockhampton, a regional centre in my home state where I'm surrounded by gum trees, chirping birds and a croc-infested river. Next week will be Washington DC where I'll have just finished testifying in front of US Congress. Whoa. That's the big story this week. This year.

Vulnerability in Amazon Key

Schneier on Security

Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don't abuse their one-time access privilege. Cloud Cam has been hacked: But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled but frozen.

More Trending

Key Findings from the 2017 Thales Encryption Trends Study: Australia

Thales Cloud Protection & Licensing

Security: moving up the executive stack. The last few years will be remembered for frequent, large and damaging data breaches. They’ve impacted big business and small, private and public organisations, in Australia and around the world. When it comes to data security, hackers don’t discriminate. This has made senior executives everywhere sit up and take notice, with companies concerned about being compromised and becoming tomorrow’s news headline.

Samsung Pay Leaks Mobile Device Information

Dark Reading

Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.

Amazon Creates Classified US Cloud

Schneier on Security

Amazon has a cloud for U.S. classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it.

What Amazon Echo and Google Home Do With Your Voice Data—And How to Delete It

WIRED Threat Level

Like the idea of Amazon Echo and Google Home, but feel uneasy about all that recording? Here's what they listen to—and how to delete it.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Hay CFP Management Method – Part 2

Andrew Hay

I’ve had a lot of positive feedback from my first post which explained how to create the Trello board to track your Call For Paper (CFP) due dates, submissions, and results. In this post, I’ll explain how to create the cards and populate them with the required data to better manage your CFP pipeline. To start your first card click the ‘Add a card…’ link in the CFP Open swim lane.

Mozilla's Guide to Privacy-Aware Christmas Shopping

Schneier on Security

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more.

The US Global Engagement Center's Fight Against Russian Propaganda Has Barely Started

WIRED Threat Level

Former staffers of the State Department's Global Engagement Center, tasked with fighting propaganda, say that 'administrative incompetence' has hamstrung efforts.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

DDoS Attack Attempts Doubled in 6 Months

Dark Reading

Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.

Profile of the Month: Ashvin Kamaraju, Global Vice President of Engineering

Thales Cloud Protection & Licensing

“I did not plan my foray into security,” says Ashvin Kamaraju who, to date, has racked up an impressive seven-year tenure at Thales eSecurity. With a background in operating systems, file systems and storage, Ashvin was initially hired to help scale products in those areas. In the process, he developed an interest and expertise in data security. Ashvin has certainly traveled an unconventional path into a leadership role in enterprise security (believe it or not, he holds undergraduate and gradua

Kali Linux 2017.3 Release

Kali Linux

We are pleased to announce the immediate availability of Kali Linux 2017.3, which includes all patches, fixes, updates, and improvements since our last release. In this release, the kernel has been updated to 4.13.10 and it includes some notable improvements: CIFS now uses SMB 3.0 by default; EXT4 directories can now contain 2 billion entries instead of the old 10 million limit; TLS support is now built into the kernel itself. In addition to the new kernel and all of the updates and fixes we pull

Stopping Robocalls Will Soon Be Easier Than Ever

WIRED Threat Level

US consumers suffer 80 million robocalls a day. But a new crackdown—along with some clever apps—could help put a lid on your biggest mobile nuisance.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

6 Real Black Friday Phishing Lures

Dark Reading

As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.

HP to Patch Bug Impacting 50 Enterprise Printer Models

Threatpost

HP said dozens of enterprise-class printer models will receive a patch for an arbitrary code execution vulnerability sometime this week.

Ten Top Next-Generation Firewall (NGFW) Vendors

eSecurity Planet

Next-generation firewalls (NGFW) are essential to IT security and make up a $10 billion market. We review ten of the best.

Uber Hid 57-Million User Data Breach For Over a Year

WIRED Threat Level

The ridesharing service's latest scandal combines routine security negligence with an "appalling" coverup.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Time to Pull an Uber and Disclose your Data Breach Now

Dark Reading

There is never a good time to reveal a cyber attack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.

Intel Patches CPU Bugs Impacting Millions of PCs, Servers

Threatpost

Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications.

Palo Alto Networks PA Series: Next-Gen Firewall Overview and Analysis

eSecurity Planet

We review Palo Alto Networks' next-gen firewalls, which classify all traffic based on application, application function, user and content.

Artificial Intelligence Can Hunt Down Missile Sites in China Hundreds of Times Faster Than Humans

WIRED Threat Level

Teaching deep learning algorithms to find surface-to-air missile sites and much more in satellite images.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

3 Pillars of Cyberthreat Intelligence

Dark Reading

Strong enterprise cybersecurity programs must be built on a framework that incorporates strategic, operational, and tactical leadership and goals.

Uber Reveals 2016 Breach of 57 Million User Accounts

Threatpost

Uber CEO said a 2016 data breach that exposed 57 million Uber user accounts and a subsequent payment of $100,000 to a hacker to delete data and keep it a secret is inexcusable.

Barracuda F-Series: Firewall Overview and Analysis

eSecurity Planet

We review Barracuda F-Series next-gen firewalls, which protect the network at headquarters, in the cloud and on every WAN endpoint.

Feds Indict Iranian for HBO Hack—But Extradition Isn't Likely

WIRED Threat Level

Months after tormenting HBO with the release of unaired episodes and *Game of Thrones* spoilers, the alleged hacker has been indicted.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.