Troy Hunt

APRIL 23, 2018

Remember the anti-piracy campaign from years back about "You Wouldn't Steal a Car"? This was the rather sensationalist piece put together by the Motion Picture Association of America in an attempt to draw parallels between digital piracy and what they viewed as IRL ("In Real Life") equivalents. Here's a quick recap: The very premise that the young girl sitting in her bedroom in the opening scene is in any way relatable to the guy in the dark alley sliding a slim jim down the Merc

Internet 209

Internet Internet Penetration Testing Hacking 209

Schneier on Security

APRIL 23, 2018

Russia has banned the secure messaging app Telegram. It's making an absolute mess of the ban -- blocking 16 million IP addresses , many belonging to the Amazon and Google clouds -- and it's not even clear that it's working. But, more importantly, I'm not convinced Telegram is secure in the first place. Such a weird story. If you want secure messaging, use Signal.

Encryption 164

Encryption 164

WIRED Threat Level

APRIL 25, 2018

Ray Ozzie thinks his Clear method for unlocking encrypted devices can attain the impossible: It satisfies both law enforcement and privacy purists.

Encryption 107

Encryption 107

Threatpost

APRIL 24, 2018

The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out yet once again that patch […].

Ransomware 67

Ransomware Government Hacking 67

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

APRIL 27, 2018

When I launched Pwned Passwords in August , I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. (Incidentally, for anyone about to lose their mind over SHA-1, read that launch post as to why that hashing algorithm is used.

Passwords 186

Passwords 186

Schneier on Security

APRIL 25, 2018

The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors. Personally, I doubt that they're backdoored.

IoT 160

IoT Encryption Technology Risk 160

Thales Cloud Protection & Licensing

APRIL 25, 2018

Jim DeLorenzo, Solutions Marketing Manager, Thales eSecurity. By now, few businesses can be unaware that there is just one month to go until the EU General Data Protection Regulation, better known as the GDPR, comes into force. Perhaps the most comprehensive data privacy standard ever introduced, the GDPR will impact every individual and business that is either a ‘controller’ or ‘processor’ of EU citizens’ personal data.

Encryption 63

Encryption Data breaches Data privacy Risk 63

Troy Hunt

APRIL 27, 2018

This week. I'm tired. A two-day remote workshop on London hours meant very unfriendly times for me here in Aus but hey, it beats jet lag! So just a very short intro this time, I recorded the update this morning whilst I was rather a lot more awake so I'll let that do the talking. Enjoy! iTunes podcast | Google Play Music podcast | RSS podcast. Reference.

Backups 120

Backups 120

Schneier on Security

APRIL 27, 2018

This seems like an absolute disaster: The very short version is that a UK bank, TSB, which had been merged into and then many years later was spun out of Lloyds Bank, was bought by the Spanish bank Banco Sabadell in 2015. Lloyds had continued to run the TSB systems and was to transfer them over to Sabadell over the weekend. It's turned out to be an epic failure, and it's not clear if and when this can be straightened out.

Banking 150

Banking Accountability 150

WIRED Threat Level

APRIL 25, 2018

Researchers found—and helped fix—a flaw in Vingcard RFID locks that would let hackers break into any room in hotels around the world.

106

106

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

APRIL 25, 2018

Researchers discovered a flaw in Amazon’s Alexa virtual assistant that enabled them to eavesdrop on consumers with smart devices – and automatically transcribe every word said.

Hacking 66

Hacking IoT 66

Elie

APRIL 23, 2018

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

Cybersecurity 62

Cybersecurity 62

Schneier on Security

APRIL 24, 2018

" Do Not Disturb " is a Macintosh app that send an alert when the lid is opened. The idea is to detect computer tampering. Wire article : Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with the laptop's webcam to catch the perpetrator in the act, or they can shut down the computer remotely.

116

116

WIRED Threat Level

APRIL 22, 2018

The mythical creature's popularity says a lot about the psychology of password creation.

Passwords 109

Passwords 109

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Threatpost

APRIL 24, 2018

A freshly minted attack group dubbed Orangeworm has been uncovered, deploying a custom backdoor in mostly healthcare-related environments. It’s bent on laser-focused, comprehensive corporate espionage, with a noisy attack vector that shows that it’s unlikely to be related to nation-state actors. Researchers first found Orangeworm in the form of an interesting binary in 2016, and […].

Healthcare 65

Healthcare Malware 65

Dark Reading

APRIL 26, 2018

As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.

Marketing 73

Marketing Cybersecurity 73

Schneier on Security

APRIL 23, 2018

This acoustic technology identifies individuals by their ear shapes. No information about either false positives or false negatives.

Technology 118

Technology 118

WIRED Threat Level

APRIL 27, 2018

Joy Reid may have very well been the target of a malicious breach. Or she's just the latest person to blame hackers for her past mistakes.

88

88

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Threatpost

APRIL 27, 2018

It's analyzing the server, operated by the North Korea-sponsored APT, which was used to control the global GhostSecret espionage campaign affecting 17 countries.

Government 55

Government Malware Hacking 55

Dark Reading

APRIL 26, 2018

In an attempt to steal financial data, the attack bribes users with coupons in exchange for taking an online quiz.

Phishing 68

Phishing 68

Schneier on Security

APRIL 24, 2018

Info on the coded signals used by the Colorado Rockies.

Encryption 151

Encryption 151

WIRED Threat Level

APRIL 23, 2018

Whether to pay ransomware is a complicated—and costly—calculation.

Ransomware 107

Ransomware 107

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Threatpost

APRIL 25, 2018

Webstresser[.]org, a DDoS-for-hire market believed to be behind at least 4 million cyberattacks around the world, has served up its last internet-paralyzing traffic tsunami.

DDOS 52

DDOS Marketing Internet Internet 52

Dark Reading

APRIL 26, 2018

The migration of valuable data to the cloud is piquing the interest of cybercrimimals. But there are ways to fight back.

Healthcare 63

Healthcare 63

Schneier on Security

APRIL 26, 2018

It's Lt. Gen. Paul Nakasone. I know nothing about him.

Cybersecurity 119

Cybersecurity 119

WIRED Threat Level

APRIL 21, 2018

Xbox hacking, LinkedIn bugs, and more security news this week.

Hacking 71

Hacking 71

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Threatpost

APRIL 26, 2018

Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.

System Administration 54

System Administration Malware Accountability 54

Dark Reading

APRIL 25, 2018

To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.

50

50

NopSec

APRIL 23, 2018

It’s a cliché now to declare any year the year of the __-breach. It’s especially difficult to see around corners in the cybersecurity industry, but not impossible. To do so, it’s necessary to closely watch and understand the latest technologies, socio-economic trends, legal/privacy trends and even political climates. This year, NopSec did just that with our 2018 Top Cybersecurity Threats White paper , and we predict that the biggest cyber threats will be massive data breaches, ransomware, oppor

Cybersecurity 40

Cybersecurity IoT Cryptocurrency Data breaches 40

Architect Security

APRIL 23, 2018

In “The Importance of Security Awareness Training“, SANS says: “One of the best ways to make sure company employees will not make costly errors in regard to information security is to institute company-wide security-awareness training initiatives that include, but are not limited to classroom style training sessions, security awareness website(s), helpful hints via e-mail, or […].

Security Awareness 40

Security Awareness Information Security Personal Security 40

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk