Sat.Mar 17, 2018 - Fri.Mar 23, 2018

GreyKey iPhone Unlocker

Schneier on Security

Some details about the iPhone unlocker from the US company Grayshift, with photos. Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market.

Weekly Update 79

Troy Hunt

Home again which means more time to blog and per the intro to this week's update, time to catch up on how HIBP is tracking. Here's the 2 tweets with some stats I mention at the start of this week's update: It's been almost a month since I launched Pwned Passwords V2. In that time, @cloudflare has served 156TB from their cache thus keeping the traffic off my origin.

Whatever the future of payments, you can trust in a lack of trust

Thales Cloud Protection & Licensing

This blog was originally published on Business Reporter. To view the article, please click here. To see where the future of payments lies, we should look to its past. The concept of payment, at its most fundamental, is simply about people agreeing to exchange goods or services. A fair trade of one thing for another. Go back a few thousand years and the invention of money meant that food could be effectively turned into metal and stored for as long as needed, before being turned back into food ag

Cambridge Analytica Execs Caught Discussing Extortion and Fake News

WIRED Threat Level

In undercover videos filmed by Britain’s Channel 4 news, Cambridge Analytica executives appear to offer up various unsavory tactics to influence campaigns.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hijacking Computers for Cryptocurrency Mining

Schneier on Security

Interesting paper "A first look at browser-based cryptojacking": Abstract: In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency, typically without her consent or knowledge, and pays out the seigniorage to the website.

Weekly Update 78 (San Fran Edition)

Troy Hunt

Last day of travel! The weekly update is out late due to a packed week which I endured whilst battling a cold as well which has made it pretty rough. But other than that, it was a fantastic week recording Pluralsight courses and meeting with some really cool tech companies which I talk about in the update. I also talk a lot about credential stuffing which is just becoming an absolutely massive issue at present and I'll write more on that from home next week.

Facebook Privacy Settings: A Complete Guide to Making Your Account More Secure

WIRED Threat Level

Despite the repeated privacy lapses, Facebook offers a fairly robust set of tools to control who knows what about you.

Zeynep Tufekci on Facebook and Cambridge Analytica

Schneier on Security

Zeynep Tufekci is particularly cogent about Facebook and Cambridge Analytica. Several news outlets asked me to write about this issue. I didn't, because 1) my book manuscript is due on Monday (finally!), and 2) I knew Zeynep would say what I would say, only better.

Taking down Gooligan: part 2 — inner workings

Elie

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The first post recounts Gooligan’s origin story and provides an overview of how it works.

How Serverless Computing Reshapes Security

Dark Reading

The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Facebook's Privacy and Transparency Failings Are Still a Serious Problem

WIRED Threat Level

You give Facebook all of your data in exchange for using their service—an exchange that seems increasingly out of whack.

Reverse Engineering the Cuban Sonic Weapon

Schneier on Security

Interesting analysis and speculation.

Netflix Opens Public Bug Bounty Program with $15K Payout Cap

Threatpost

Netflix opens up bug bounty program to all white hat hackers and ups the ante for bugs to as much as $15,000.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

DOJ Indicts 9 Iranians For Brazen University Cyberattacks

WIRED Threat Level

A new indictment asserts a long string of attacks against hundreds of universities and private companies, in which Iran pilfered more than $3 billion worth of intellectual property.

Dan Geer on the Dangers of Computer-Only Systems

Schneier on Security

A good warning, delivered in classic Dan Geer style.

Google Workspace for Education: Ransomware Protection Case

Spinone

Gurnick Academy of Medical Arts is a private nursing school in California with around 400 employees and over 2,000 students. A few months ago the school faced a data loss disaster caused by Ransomware when an instructor inadvertently infected his classroom computer with the virus that had been brought from home on a USB drive. When […] The post Google Workspace for Education: Ransomware Protection Case first appeared on SpinOne.

AMD Acknowledges Vulnerabilities, Will Roll Out Patches In Coming Weeks

Threatpost

AMD on Tuesday acknowledged several vulnerabilities that had been reported in its Ryzen and EPYC chips, and said that it would roll out PSP firmware patches in the coming week.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Tumblr Names Russian Propaganda Accounts After Long Silence

WIRED Threat Level

On Friday, after months of silence, Tumblr named 84 accounts it says were devoted to spreading propaganda and disinformation on the platform.

Russian APT Compromised Cisco Router in Energy Sector Attacks

Dark Reading

DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.

Types of Firewalls: What IT Security Pros Need to Know

eSecurity Planet

Next-gen firewalls, UTMs, web application firewalls, cloud-based firewalls, container firewalls and more: Everything you need to know about firewalls.

Telegram Ordered to Hand Over Encryption Keys to Russian Authorities

Threatpost

Popular secure messaging service Telegram loses battle with Russian courts and now must hand over encryption keys or face being blocked from the country.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Alphabet's 'Outline' Homebrew VPN Software Offers Open-Source, Easy Set-Up Privacy You Control

WIRED Threat Level

Alphabet tech incubator Jigsaw wants to make it easy to run your own, more private virtual private network.

Criminals Using Web Injects to Steal Cryptocurrency

Dark Reading

Man-in-the-browser attacks targeting Blockchain.info and Coinbase websites, SecurityScorecard says.

Drupal Forewarns ‘Highly Critical’ Bug to be Patched Next Week

Threatpost

Drupal is giving developers ample time to prepare for an update that patches a “highly critical” flaw because exploits might be developed within hours or days of disclosure.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Meltdown, Spectre, and the Costs of Unchecked Innovation

WIRED Threat Level

Spectre fixes forced browsers to break the compatibility covenant of the web. Other unchecked technologies could cause even deeper damage.

Half of Cyberattacks in the Middle East Target Oil & Gas Sector: Siemens

Dark Reading

Nearly one-third of all cyberattacks worldwide are against operations technology (OT), or industrial networks, a new report by Siemens and The Ponemon Institute shows.

How To Change Your Facebook Settings To Opt Out of Platform API Sharing

Architect Security

In case you missed it, news that “private” user data was harvested from 50 million profiles by a company called Cambridge Analytica hit the major news media this week. Data was gathered through a “survey” that exposed data about the user and their friends/connections. Short of quitting social media altogether, you should be wary of any of […].

Apple To Fix Glitch Allowing Siri To Read Hidden Messages Out Loud

Threatpost

Apple has confirmed a privacy bug in its iPhone that allows the Siri voice assistant to read out messages from locked screens – even if the messages are hidden.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.