Troy Hunt
FEBRUARY 26, 2018
tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. Those 80M records are now searchable, read on for the full story: There's an unknown numbers of data breaches floating around the web.
Schneier on Security
FEBRUARY 26, 2018
If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits: Manafort and Gates made numerous false and fraudulent representations to secure the loans.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
MARCH 1, 2018
On Wednesday, a 1.3Tbps DDoS attack pummeled GitHub for 15-20 minutes. Here's how it stayed online.
Elie
FEBRUARY 26, 2018
The "Right To Be Forgotten" (RTBF) is the landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs from across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information surfaced by queries containing the name of the requester.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Troy Hunt
MARCH 1, 2018
If I'm honest, I'm constantly surprised by the extent of how far Have I Been Pwned (HIBP) is reaching these days. This is a little project I started whilst killing time in a hotel room in late 2013 after thinking "I wonder if people actually know where their data has been exposed?" I built it in part to help people answer that question and in part because my inner geek wanted to build an interesting project on Microsoft's Azure.
Schneier on Security
MARCH 2, 2018
Since you don't have enough to worry about, here's a paper postulating that space aliens could send us malware capable of destroying humanity. Abstract : A complex message from space may require the use of computers to display, analyze and understand. Such a message cannot be decontaminated with certainty, and technical risks remain which can pose an existential threat.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Dark Reading
MARCH 2, 2018
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
Troy Hunt
MARCH 2, 2018
Massive, massive week! I'm not trying to make these videos longer (and the next two while I'm overseas will definitely be shorter), but yeah, this week was a biggie. Pwned Passwords dominated throughout, interrupted only by a few thousand new data breaches going into HIBP. But the big one - at least to me in terms of the significance - is the UK and Aussie governments now using HIBP to monitor their gov domains.
Schneier on Security
FEBRUARY 27, 2018
Forbes reports that the Israeli company Cellebrite can probably unlock all iPhone models: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11.
WIRED Threat Level
FEBRUARY 28, 2018
Facebook recently expanded its face recognition features—and you may have opted in without even realizing it.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Dark Reading
MARCH 1, 2018
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
Thales Cloud Protection & Licensing
MARCH 1, 2018
Around the world, enterprises are anxious about May 25, 2018, the day enforcement begins for the European Union’s General Data Protection Regulation (GDPR). They have good reason. Perhaps the most comprehensive data privacy standard to date, the GDPR presents a significant challenge for organizations that process the personal data of EU citizens – regardless of where the organization is headquartered or processes the data.
Schneier on Security
FEBRUARY 28, 2018
Apple is bowing to pressure from the Chinese government and storing encryption keys in China. While I would prefer it if it would take a stand against China, I really can't blame it for putting its business model ahead of its desires for customer privacy. Two more articles.
WIRED Threat Level
MARCH 1, 2018
While still the best protection against phishing attacks, some Yubikey models are vulnerable after a recent update to Google Chrome.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Dark Reading
FEBRUARY 26, 2018
Updated data on zero-days, IoT threats, cryptomining, and economic costs should keep eyebrows raised in 2018.
Elie
MARCH 2, 2018
Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a crypto-currency such as Bitcoin. In this paper, we create a measurement framework that we use to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims, and operators. By combining an array of data sources, including ransomware binaries, seed ransom payments, victim telemetry from infections, and a large database of Bitcoin addresses annotated with their owne
Schneier on Security
MARCH 1, 2018
Two weeks ago, I blogged about the myriad of hacking threats against the Olympics. Last week, the Washington Post reported that Russia hacked the Olympics network and tried to cast the blame on North Korea. Of course, the evidence is classified, so there's no way to verify this claim. And while the article speculates that the hacks were a retaliation for Russia being banned due to doping, that doesn't ring true to me.
WIRED Threat Level
MARCH 2, 2018
By leaving Instagram followers off the public record, Columbia researcher Jonathan Albright says Facebook is making the Russian trolls' true audience appear artificially low.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
eSecurity Planet
FEBRUARY 28, 2018
Here are some steps you can take to reduce the risk of becoming an unwitting accomplice to cryptojacking attacks.
Dark Reading
MARCH 2, 2018
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement.
Thales Cloud Protection & Licensing
FEBRUARY 27, 2018
At the start of the year, Thales released the findings of its latest annual global Data Threat Report which found that, as businesses everywhere undergo a form of digital transformation, the risk of data breaches has reached an all-time high. According to the report, 37 percent of organisations use sensitive data with mobile applications and 91 percent are either using or are planning to use mobile payments. 41 percent of the organisations surveyed for the report expressed concern about the secu
WIRED Threat Level
FEBRUARY 27, 2018
A fake story about a Parkland student started on the right, but outrage-tweeting on the left propelled it into the mainstream.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
eSecurity Planet
FEBRUARY 26, 2018
Here are 20 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.
Dark Reading
FEBRUARY 27, 2018
Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211.
Elie
FEBRUARY 25, 2018
The “Right to be Forgotten” is a privacy ruling that enables Europeans to delist certain URLs appearing in search results related to their name. In order to illuminate the effect this ruling has on information access, we conduct a retrospective measurement study of 2.4 million URLs that were requested for delisting from Google Search over the last three and a half years.
WIRED Threat Level
FEBRUARY 26, 2018
Analytics services are unintentionally collecting a mass of passwords and other sensitive data, new research shows.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
eSecurity Planet
MARCH 2, 2018
The new vector was recently used to launch a record-breaking 1.35 Tbps attack on GitHub.
Threatpost
MARCH 1, 2018
A new strain of mobile malware found on an array of apps can pull out sensitive data – including audio recordings – from Android phones.
Dark Reading
FEBRUARY 28, 2018
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.
WIRED Threat Level
FEBRUARY 27, 2018
The Kremlin's hacking misdirection is evolving. And even when those attempts to confuse forensics fail, they still succeed at sowing future doubt.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
240 
Let's personalize your content