Reverse Engineering the Cuban Sonic Weapon
Schneier on Security
MARCH 22, 2018
Interesting analysis and speculation.
Troy Hunt
MARCH 21, 2018
There's no way to sugar-coat this: Have I Been Pwned (HIBP) only exists due to a whole bunch of highly illegal activity that has harmed many individuals and organisations alike. That harm extends all the way from those in data breaches feeling a sense of personal violation (that's certainly how I feel when I see my personal information exposed), all the way through to people literally killing themselves (there are many documented examples of this in the wake of the Ashley Madison breach).
WIRED Threat Level
MARCH 21, 2018
Despite the repeated privacy lapses, Facebook offers a fairly robust set of tools to control who knows what about you.
Thales Cloud Protection & Licensing
MARCH 22, 2018
This blog was originally published on Business Reporter. To view the article, please click here. To see where the future of payments lies, we should look to its past. The concept of payment, at its most fundamental, is simply about people agreeing to exchange goods or services. A fair trade of one thing for another. Go back a few thousand years and the invention of money meant that food could be effectively turned into metal and stored for as long as needed, before being turned back into food ag
Schneier on Security
MARCH 19, 2018
Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website, detailed whitepaper, cool vulnerability names -- RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA -- and logos we've come to expect from these sorts of things. What's new is that the company only gave AMD a day's notice, which breaks with every norm about responsible disclosure.
Troy Hunt
MARCH 22, 2018
Home again which means more time to blog and per the intro to this week's update, time to catch up on how HIBP is tracking. Here's the 2 tweets with some stats I mention at the start of this week's update: It's been almost a month since I launched Pwned Passwords V2. In that time, @cloudflare has served 156TB from their cache thus keeping the traffic off my origin.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Thales Cloud Protection & Licensing
MARCH 21, 2018
I was fortunate to be one of the presenters at SecureWorld’s recent web conference on “Deploying Containers in the Age of GDPR.” I suggest you check it out. Here is a taste of what we discussed. A real-time poll of webinar participants asked how ready they think their organizations are for the GDPR deadline of May 25, 2018. It indicated 40% “are doing everything they know about and should be pretty much there.
Schneier on Security
MARCH 23, 2018
Some details about the iPhone unlocker from the US company Grayshift, with photos. Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market.
Troy Hunt
MARCH 17, 2018
Last day of travel! The weekly update is out late due to a packed week which I endured whilst battling a cold as well which has made it pretty rough. But other than that, it was a fantastic week recording Pluralsight courses and meeting with some really cool tech companies which I talk about in the update. I also talk a lot about credential stuffing which is just becoming an absolutely massive issue at present and I'll write more on that from home next week.
WIRED Threat Level
MARCH 20, 2018
Alphabet tech incubator Jigsaw wants to make it easy to run your own, more private virtual private network.
Threatpost
MARCH 21, 2018
Netflix opens up bug bounty program to all white hat hackers and ups the ante for bugs to as much as $15,000.
Schneier on Security
MARCH 21, 2018
Interesting paper "A first look at browser-based cryptojacking": Abstract: In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website.
Elie
MARCH 17, 2018
This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The first post recounts Gooligan’s origin story and provides an overview of how it works.
WIRED Threat Level
MARCH 19, 2018
You give Facebook all of your data in exchange for using their service—an exchange that seems increasingly out of whack.
eSecurity Planet
MARCH 21, 2018
Next-gen firewalls, UTMs, web application firewalls, cloud-based firewalls, container firewalls and more: Everything you need to know about firewalls.
Schneier on Security
MARCH 23, 2018
Zeynep Tufekci is particularly cogent about Facebook and Cambridge Analytica. Several news outlets asked me to write about this issue. I didn't, because 1) my book manuscript is due on Monday (finally!), and 2) I knew Zeynep would say what I would say, only better.
WIRED Threat Level
MARCH 20, 2018
Alexander Nix has been suspended until further notice and replaced by Cambridge's head of data, Alexander Tayler.
Dark Reading
MARCH 21, 2018
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
Schneier on Security
MARCH 20, 2018
A good warning, delivered in classic Dan Geer style.
Threatpost
MARCH 20, 2018
Popular secure messaging service Telegram loses battle with Russian courts and now must hand over encryption keys or face being blocked from the country.
WIRED Threat Level
MARCH 23, 2018
On Friday, after months of silence, Tumblr named 84 accounts it says were devoted to spreading propaganda and disinformation on the platform.
Dark Reading
MARCH 22, 2018
Man-in-the-browser attacks targeting Blockchain.info and Coinbase websites, SecurityScorecard says.
eSecurity Planet
MARCH 20, 2018
A look at the strengths and weaknesses of LogRhythm and Splunk, two market-leading SIEM systems.
Threatpost
MARCH 20, 2018
Security experts are calling for a higher prioritization of data security in the wake of Facebook's Cambridge Analytica scandal.
WIRED Threat Level
MARCH 23, 2018
A new indictment asserts a long string of attacks against hundreds of universities and private companies, in which Iran pilfered more than $3 billion worth of intellectual property.
Dark Reading
MARCH 22, 2018
Syncing security and product development early is now a "must do.
Spinone
MARCH 22, 2018
Gurnick Academy of Medical Arts is a private nursing school in California with around 400 employees and over 2,000 students. A few months ago the school faced a data loss disaster caused by Ransomware when an instructor inadvertently infected his classroom computer with the virus that had been brought from home on a USB drive. When […] The post Google Workspace for Education: Ransomware Protection Case first appeared on SpinOne.
Threatpost
MARCH 21, 2018
Orbitz said Tuesday a breach of both its consumer and partner platform may have led to the disclosure of 880,000 payment cards.
WIRED Threat Level
MARCH 23, 2018
With $380 million in the spending bill earmarked for securing digital elections, the time for talk is over.