Sat. Feb 24, 2018 - Fri. Mar 02, 2018

E-Mail Leaves an Evidence Trail

Schneier on Security

If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits: Manafort and Gates made numerous false and fraudulent representations to secure the loans.

The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned

Troy Hunt

If I'm honest, I'm constantly surprised by the extent of how far Have I Been Pwned (HIBP) is reaching these days. This is a little project I started whilst killing time in a hotel room in late 2013 after thinking "I wonder if people actually know where their data has been exposed?" I built it in part to help people answer that question and in part because my inner geek wanted to build an interesting project on Microsoft's Azure.

Insights about the first three years of the Right To Be Forgotten requests at Google

Elie

The "Right To Be Forgotten" (RTBF) is the landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs from across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information surfaced by queries containing the name of the requester.

Media 107

Facebook Doesn't Know How Many People Followed Russians on Instagram

WIRED Threat Level

By leaving Instagram followers off the public record, Columbia researcher Jonathan Albright says Facebook is making the Russian trolls' true audience appear artificially low.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Malware from Space

Schneier on Security

Since you don't have enough to worry about, here's a paper postulating that space aliens could send us malware capable of destroying humanity. Abstract: A complex message from space may require the use of computers to display, analyze and understand. Such a message cannot be decontaminated with certainty, and technical risks remain which can pose an existential threat.

Malware 152

Weekly Update 76

Troy Hunt

Massive, massive week! I'm not trying to make these videos longer (and the next two while I'm overseas will definitely be shorter), but yeah, this week was a biggie. Pwned Passwords dominated throughout, interrupted only by a few thousand new data breaches going into HIBP. But the big one - at least to me in terms of the significance - is the UK and Aussie governments now using HIBP to monitor their gov domains.

More Trending

How Liberals Amped Up a Parkland Shooting Conspiracy Theory

WIRED Threat Level

A fake story about a Parkland student started on the right, but outrage-tweeting on the left propelled it into the mainstream.

Apple to Store Encryption Keys in China

Schneier on Security

Apple is bowing to pressure from the Chinese government and storing encryption keys in China. While I would prefer it if it would take a stand against China, I really can't blame it for putting its business model ahead of its desires for customer privacy. Two more articles.

Millions of Office 365 Accounts Hit with Password Stealers

Dark Reading

Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.

Passwords 103

Tracking desktop ransomware payments end to end

Elie

Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a crypto-currency such as Bitcoin. In this paper, we create a measurement framework that we use to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims, and operators. By combining an array of data sources, including ransomware binaries, seed ransom payments, victim telemetry from infections, and a large database of Bitcoin addresses annotated with their owne

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to Turn Off Facebook's Face Recognition Features

WIRED Threat Level

Facebook recently expanded its face recognition features—and you may have opted in without even realizing it.

Russians Hacked the Olympics

Schneier on Security

Two weeks ago, I blogged about the myriad of hacking threats against the Olympics. Last week, the Washington Post reported that Russia hacked the Olympics network and tried to cast the blame on North Korea. Of course, the evidence is classified, so there's no way to verify this claim. And while the article speculates that the hacks were a retaliation for Russia being banned due to doping, that doesn't ring true to me.

Hacking 128

How & Why the Cybersecurity Landscape Is Changing

Dark Reading

A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.

Three years of the Right to be Forgotten

Elie

The “Right to be Forgotten” is a privacy ruling that enables Europeans to delist certain URLs appearing in search results related to their name. In order to illuminate the effect this ruling has on information access, we conduct a retrospective measurement study of 2.4 million URLs that were requested for delisting from Google Search over the last three and a half years.

Media 63

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

A 1.3Tbs DDoS Hit GitHub, the Largest Yet Recorded

WIRED Threat Level

On Wednesday, a 1.3Tbps DDoS attack pummeled GitHub for 15-20 minutes. Here's how it stayed online.

DDOS 112

Sophisticated RedDrop Malware Targets Android Phones

Threatpost

A new strain of mobile malware found on an array of apps can pull out sensitive data – including audio recordings – from Android phones.

Malware 60

7 Key Stats that Size Up the Cybercrime Deluge

Dark Reading

Updated data on zero-days, IoT threats, cryptomining, and economic costs should keep eyebrows raised in 2018.

PIPEDA: Substantial Amendments Proposed by Parliamentary Committee

Privacy and Cybersecurity Law

Since February 2017, the House of Commons Standing Committee on Access to Information, Privacy and Ethics has been reviewing Canada’s […].

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Chrome's WebUSB Feature Leaves Some Yubikeys Vulnerable to Attack

WIRED Threat Level

While still the best protection against phishing attacks, some Yubikey models are vulnerable after a recent update to Google Chrome.

How to Defend Servers Against Cryptojacking

eSecurity Planet

Here are some steps you can take to reduce the risk of becoming an unwitting accomplice to cryptojacking attacks.

Risk 64

A Sneak Peek at the New NIST Cybersecurity Framework

Dark Reading

Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement.

Massive Malspam Campaign Targets Unpatched Systems

Threatpost

Morphisec said that it has detected several malicious Word documents – part of a “massive” malspam campaign – that take advantage of a critical Adobe Flash Player vulnerability discovered earlier this month.

Malware 47

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Russia's Olympics Hack Was the Country's Latest False Flag Attack

WIRED Threat Level

The Kremlin's hacking misdirection is evolving. And even when those attempts to confuse forensics fail, they still succeed at sowing future doubt.

Hacking 90

20 Cyber Security Startups to Watch in 2018

eSecurity Planet

Here are 20 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.

Security Starts with the User Experience

Dark Reading

Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.

In Wake of ‘Biggest-Ever’ DDoS Attack, Experts Say Brace For More

Threatpost

This week's DDoS attack against GitHub is a harbinger of attacks to come that will use the highly effective memcached amplification technique, say experts.

DDOS 47

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Replay Sessions From Mixpanel and Others Have Recorded Passwords

WIRED Threat Level

Analytics services are unintentionally collecting a mass of passwords and other sensitive data, new research shows.

Cloud Storage vs. Cloud Backup

Spinone

When deciding between different cloud providers, it can sometimes be confusing to understand all the different terminology and to know exactly what type of cloud services you need. Cloud storage and cloud backup are two of the most common services offered by cloud providers, but they each serve a similar but different purpose. Before signing up for one of these cloud services, it’s very important to understand the differences between them and to determine which will suit your needs best.

Backups 40

Incident 'Management': What IT Security Can Learn from Public Safety

Dark Reading

How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.

Equifax Adds 2.4 Million More People to List of Those Impacted By 2017 Breach

Threatpost

Equifax said that an additional 2.4 million Americans have been impacted by a 2017 data breach, bringing the total of those implicated to around 148 million people.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.