Sat.Mar 24, 2018 - Fri.Mar 30, 2018

Facebook and Cambridge Analytica

Schneier on Security

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us from others. And it can infer even more: our sexual orientation, political beliefs, relationship status, drug use, and other personality traits -- even if we didn't

A Scammer Tried to Scare Me into Buying Their Security Services - Here's How It Went Down

Troy Hunt

Here's the tl;dr - someone named "Md. Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities, then shake me down for a penetration test. It didn't work out so well for him; here's the blow-by-blow account of things, then I'll add some more thoughts afterwards: Should I respond?

Inside Fort Gordon: Where Next-Gen Cyber Troops Are Trained

WIRED Threat Level

What's happening at the US Army's new cyber branch headquarters marks a change for Fort Gordon. Hell, it might be changing warfare itself—all through a computer screen.

Why Enterprises Should Control Their Encryption Keys

Thales Cloud Protection & Licensing

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs, the encryption service is only as secure as the keys that are used to encrypt the data. Enterprises cannot ignore the responsibility of implementing a strong key assurance service that ensures they maintain control of their own risks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Adding Backdoors at the Chip Level

Schneier on Security

Interesting research into undetectably adding backdoors into computer chips during manufacture: "Stealthy dopant-level hardware Trojans: extended version," also available here: Abstract: In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which

Aussie Telcos are Failing at Some Fundamental Security Basics

Troy Hunt

Recently, I've witnessed a couple of incidents which have caused me to question some pretty fundamental security basics with our local Aussie telcos, specifically Telstra and Optus. It began with a visit to the local Telstra store earlier this month to upgrade a couple of phone plans which resulted in me sitting alone by this screen whilst the Telstra staffer disappeared into the back room for a few minutes: Is it normal for @Telstra to display customer passwords on publicly facing terminals in

Leveraging tokenization services from the major card brands

Thales Cloud Protection & Licensing

As the volume of both card-based payments and digital payments continues to grow significantly year-on-year, the importance of securing sensitive card data (and in particular the primary account number or PAN) has never been a more critical and challenging task. In the recent Thales eSecurity eBook, ‘PCI Compliance and Data Protection for Dummies’, we cover the main technologies that can be used, such as encryption and tokenization, to help with such efforts in protecting the payment prior to a

Tracing Stolen Bitcoin

Schneier on Security

Ross Anderson has a really interesting paper on tracing stolen bitcoin. From a blog post: Previous attempts to track tainted coins had used either the "poison" or the "haircut" method. Suppose I open a new address and pay into it three stolen bitcoin followed by seven freshly-mined ones. Then under poison, the output is ten stolen bitcoin, while under haircut it's ten bitcoin that are marked 30% stolen.

Weekly Update 80

Troy Hunt

It's a MASSIVE weekly update! The big news for me this week is the 1Password partnership and I've really tried to share more about how I came to the decision to work with them in this video. I've been so cautious with the way I've managed the image of HIBP to ensure it's always positioned in the right light and I wanted to delve more into that thinking here.

Taking down Gooligan part 3 — monetization and clean-up

Elie

This post provides an in-depth analysis of Gooligan monetization schemas and recounts how Google took it down with the help of external partners. This post is the final post of the series dedicated to the hunt and take down of Gooligan that we did at Google in collaboration with Check Point in November 2016. The first post recounts the Gooligan origin story and offers an overview of how it works.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

10 Women in Security You May Not Know But Should

Dark Reading

The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.

Another Branch Prediction Attack

Schneier on Security

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one: In the new attack, an attacker primes the PHT and runs branch instructions so that the PHT will always assume a particular branch is taken or not taken.

The Facebook Privacy Setting That Doesn’t Do Anything at All

WIRED Threat Level

For years, Facebook has left a privacy setting on its site that addresses a problem that no longer exists.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

SEC Updates Guidance On Cybersecurity Risk And Incident Disclosure Requirements

Privacy and Cybersecurity Law

The United States Securities and Exchange Commission (SEC) recently published updated interpretative guidance concerning the duty of covered public companies to disclose […].

Fooling Face Recognition with Infrared Light

Schneier on Security

Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers. BoingBoing post.

Monero Privacy Protections Aren’t as Strong as They Seem

WIRED Threat Level

Researchers point out serious gaps in the privacy promises of stealth cryptocoin Monero.

pagodo v2.5 releases: Automate Google Hacking Database scraping

Penetration Testing

pagodo (Passive Google Dork) – Automate Google Hacking Database scraping. The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet.... The post pagodo v2.5 releases: Automate Google Hacking Database scraping appeared first on Penetration Testing.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Google Workspace for Education. Protect Your School from Data Loss!

Spinone

An increasing number of schools are moving their records, lesson plans, teaching materials, and even classes online, in order to take advantage of the increased efficiency and collaboration opportunities that the cloud provides. A third of US students are issued mobile devices for schoolwork and 75% of high-schoolers access class information through an online portal. […] The post Google Workspace for Education.

Unlocking iPhones with Dead People's Fingerprints

Schneier on Security

It's routine for US police to unlock iPhones with the fingerprints of dead people. It seems only to work with recently dead people.

Cloudflare's New Encryption Service Adds Privacy Protection

WIRED Threat Level

Internet infrastructure company Cloudflare appears to be preparing to launch a service to encrypt traffic to the computers that look up web addresses.

Under Armour Reports Massive Breach of 150 Million MyFitnessPal Accounts

Threatpost

Under Armour is getting kudos for disclosing the breach within weeks, but concerns remain over an unknown portion of credentials reportedly stored using the weak SHA-1 hashing function.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Getting Ahead of Internet of Things Security in the Enterprise

Dark Reading

In anticipation of an IoT-centric future, CISOs must be rigorous in shoring up defenses that provide real-time insights across all network access points.

Breaking the Anonymity in the Cryptocurrency Monero

Schneier on Security

Researchers have exploited a flaw in the cryptocurrency Monero to break the anonymity of transactions. Research paper. BoingBoing post.

The Under Armour Hack Was Even Worse Than It Had To Be

WIRED Threat Level

If Under Armour had protected all passwords equally, its 150-million-user MyFitnessPal breach wouldn’t have been nearly as bad.

DHS And FBI Issue Joint Warning – Hackers Have Targeted Critical Sector Industries Since March 2016

Privacy and Cybersecurity Law

On March 15, 2018, the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) issued a joint […].

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

UVA Defeats UMBC, in Stunning Upset

Dark Reading

In first trip to Mid-Atlantic Collegiate Cyber Defense Competition, University of Virginia's Cyber Defense Team defeats reigning national champs from University of Maryland, Baltimore County.

Does Your Browser Block Cryptojacking Attacks?

eSecurity Planet

Learn what you can do to limit the risk of in-browser cryptojacking attacks.

MuslimCrypt Steganography App Helps Jihadists Send Secret Messages

WIRED Threat Level

The unfortunately named MuslimCrypt uses steganography to pass discreet messages through images online.

Bad Microsoft Meltdown Patch Made Some Windows Systems Less Secure

Threatpost

Researcher finds Microsoft’s January Patch Tuesday release included a fix for the Intel Meltdown bug; however, the update opened up a new vulnerability.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.