2022

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Schneier on Security

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019.

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Krebs on Security

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

EU and U.S. Join Forces to Help Developing World Cybersecurity

Lohrman on Security

The United States and the European Union are planning to work together to secure digital infrastructure in developing countries. Here’s why this is vitally important

Welcoming the Bulgarian Government to Have I Been Pwned

Troy Hunt

Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

Last week, I attended an excellent briefing given by Tom Gillis, Senior Vice President and General Manager of VMware’s Networking and Advanced Security Business Group, in which he discussed various important cybersecurity-related trends that he and his team have observed.

Follow the 3-2-1 Rules of Data Backups

Adam Levin

When it comes to backing up your data, IT and cybersecurity experts alike consistently advise what’s known as the “3-2-1” rules, which are: Keep at least three copies of your data: The emphasis here is on at least.

More Trending

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps.

The Cybersecurity Skills Gap is Another Instance of Late-stage Capitalism

Daniel Miessler

It’s common to hear that it’s hard to get into cybersecurity, and that this is a problem. That seems to be true, but it’s informative to ask a simple follow-up: The current cybersecurity jobs gap sits at around 2.7 million people. A problem for who?

Be you in the (cyber) workplace

Jane Frankland

At The Source, my new venture for women in cyber and businesses who value them, we have a saying, “Be you in the workplace.” ” And although that should be easy to do, sometimes it’s not.

Top 5 Myths Of Cyber Security Debunked

Security Boulevard

Myths of Cyber Security : We work online. We live online. As our fast-paced lives get exponentially dependent on digital services, the urgency to protect our information from being misused is crucial. In 2021, Microsoft went down in flames of […].

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act ; and S. 2710, the Open App Markets Act.

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level.

Hacktivism Against States Grows After Overturn of Roe v. Wade

Lohrman on Security

State and local governments need to prepare and respond to a new round of cyber attacks coming from groups claiming to be protesting the Supreme Court overturning Roe v. Wade last Friday

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Top-Ranked New Jersey School District Cancels Final Exams Following Ransomware Cyberattack

Joseph Steinberg

The Tenafly, New Jersey, Public School District has canceled final exams for its high school students after a ransomware cyberattack crippled the district’s computer infrastructure.

The March Madness Cyber Threat

Adam Levin

The NCAA Men’s Basketball tournament is underway, and with it the annual prediction brackets. Guessing the brackets right usually means a nice chunk of change. The outcome of over 60 games is wagered on through shared files or online services. .

How to Think about Threat Detection in the Cloud

Anton on Security

This is written jointly with Tim Peacock and will eventually appear on the GCP blog. For now, treat this as “posted for feedback” :-) Ideally, read this post first. In this post, we will share our views on a foundational framework for thinking about threat detection in public cloud computing.

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

The Last Watchdog

What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Related: The coming of bio-digital twins. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing. Perhaps elderly folks who haven’t spent a lot of time online are easier to deceive.

Scams 199

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Not All MFA is Equal, and the Differences Matter a Lot

Daniel Miessler

People are starting to get the fact that texts (SMS) are a weak form of multi-factor authentication (MFA). Fewer people know that there’s a big gap between the post-SMS MFA options as well. As I talked about in the original CASSM post , there are levels to this game.

Guilty as charged (or not) for spreading FUD about women in cyber

Jane Frankland

Judge: Jane Frankland, you have been picked up by the male police (one acting alone)) and stand here accused of potentially spreading FUD. On the 8 June you posted on LinkedIn highlighting data gaps and inconsistencies with regards to reporting for women in cyber, specifically methodologies.

Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign

Dark Reading

The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn

Symbiote Backdoor in Linux

Schneier on Security

Interesting : What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines.

IRS Will Soon Require Selfies for Online Access

Krebs on Security

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year.

Global Cybersecurity Ramifications from the War in Ukraine

Lohrman on Security

What have we learned so far regarding cybersecurity from the Russia-Ukraine war and related cyber incidents around the world? Let’s explore

Building Password Purgatory with Cloudflare Pages and Workers

Troy Hunt

I have lots of little ideas for various pet projects, most of which go nowhere ( Have I Been Pwned being the exception), so I'm always looking for the fastest, cheapest way to get up and running.

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data.

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

The Hacker News

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint.

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of…

Anton on Security

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF].

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

The Irony of InfoSec’s Reaction to Crytpo, NFTs, and Web3

Daniel Miessler

There’s something strange about how our InfoSec community is reacting to cryptocurrency, NFTs, and Web3. Mostly, it’s horribly negative. And not dispassionate negative either—but a negativity soaked in ridicule and hate.

Protecting your Customers and Brand in 2022: Are you doing enough?

Jane Frankland

No matter who you are, what you do, or where you reside, one thing is certain. In today’s digital economy, everyone is experiencing record evolution. Customers want more, and so do their stakeholders.

CISO 130

7 Ways to Avoid Worst-Case Cyber Scenarios

Dark Reading

In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data

114
114

Undetectable Backdoors in Machine-Learning Models

Schneier on Security

New paper: “ Planting Undetectable Backdoors in Machine Learning Models : Abstract : Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider.

283
283