2022

How I Got Pwned by My Cloud Costs

Troy Hunt

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before.

IRS Will Soon Require Selfies for Online Access

Krebs on Security

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Schneier on Security

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!”

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of…

Anton on Security

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF].

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Joseph Steinberg

Zero Trust. A seemingly simple term that appears in pitches sent to me several times a day by cybersecurity product and services vendors that are seeking media exposure.

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

More Trending

How Unsecured Wi-Fi Networks Lead to Vulnerability

Doctor Chaos

Nowadays, there are so many devices that it can be challenging to remain secure while browsing the internet, shopping online, or communicating with co-workers. Businesses need to implement strong security strategies to protect themselves from malicious actors.

Are You Prepared to Defend Against a USB Attack?

Dark Reading

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause

112
112

Protecting Data in the Cloud: A Work in Progress

Security Boulevard

Throughout its history, the tech industry has had to deal with constant change, increasingly complex architectures and security challenges. Security is a particularly deep well of concepts to navigate.

22 cybersecurity myths organizations need to stop believing in 2022

CSO Magazine

The past few years have seen a dramatic shift in how organizations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

CISO 109

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

Weekly Update 279

Troy Hunt

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I should speak about the one that frankly, upset me, but I felt it would be somewhat disingenuous not to.

Retail 197

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency.

Norton’s Antivirus Product Now Includes an Ethereum Miner

Schneier on Security

Norton 360 can now mine Ethereum. It’s opt-in, and the company keeps 15%. It’s hard to uninstall this option. Uncategorized antivirus cryptocurrency

Left of SIEM? Right of SIEM? Get It Right!

Anton on Security

This post is perhaps a little basic for true SIEM literati, but it covers an interesting idea about SIEM’s role in today’s security. I suspect that this topic will become even more fascinating in light of the appearance of XDR ?—?but

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data.

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

Cyber threats continue to gain momentum and there are still not enough ways to counter it. Related: Why the ‘Golden Age’ of cyber espionage is upon us. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.

Chip Implants: Opportunities, Concerns and What Could Be Next

Lohrman on Security

There were new developments in 2021 regarding implanting microchips into humans. So what plans were announced for 2022? And just as important, what are the privacy and security ramifications

136
136

Microsoft warns of dreaded data wiping malware campaign

CyberSecurity Insiders

Microsoft has issued an official warning to all IT and not-for-profit organizations, along with some critical government organizations across Ukraine, that their digital infrastructure could be targeted by a dreaded data wiping malware campaign.

REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums

Dark Reading

Threat actors from Eastern Europe seen expressing some concern about Russia being a safe place for them to continue operating, researchers say

Does Your Cyberinsurance Policy Cover Cyberwar?

Security Boulevard

Despite your best efforts to prevent it, you get hit by a massive cyberattack. Maybe it’s a data breach; maybe a ransomware attack or maybe a supply chain disruption.

The Prometheus traffic direction system is a major player in malware distribution

CSO Magazine

Cybercrime is fueled by a complex ecosystem of criminal groups that specialize on different pieces of the final attack chains experienced by victims. There are the malware developers, the access brokers, the spammers, the private information sellers, the botnet operators, the malvertizers and more.

Weekly Update 277

Troy Hunt

Well that all changed very quickly. One week ago, I was like "I'm going to do this video from somewhere really epic next week" A few hours after that video, the host of the drinks we'd gone to over the road the day before told us she had symptoms.

205
205

Norton 360 Now Comes With a Cryptominer

Krebs on Security

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers.

San Francisco Police Illegally Spying on Protesters

Schneier on Security

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests.

20 Years of SIEM: Celebrating My Dubious Anniversary

Anton on Security

20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course.

Cyber Security Expert Joseph Steinberg To Serve On Newsweek Expert Forum In 2022

Joseph Steinberg

Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum last year, will continue serving as a member throughout 2022.

GUEST ESSAY: Data breaches across the globe slowed significantly in Q4 2021 versus Q1-Q3

The Last Watchdog

After a gloomy start with its first three breach intensive quarters, 2021 has finally ended, and on a positive note. Related: Cybersecurity experts reflect on 2021. This conclusion is derived from an analysis of data taken from our data breach detection tool, Surfshark Alert , which comprises publicly available breached data sets to inform our users of potential threats.

Most Popular Cybersecurity Blog Posts from 2021

Lohrman on Security

What were the top government security blog posts in 2021? These metrics tell us what cybersecurity and technology infrastructure topics were most popular in the past year

Beijing Winter Olympics MY2022 mobile app filled with security vulnerabilities

CyberSecurity Insiders

Winter Olympics 2022 that are scheduled to be held in Beijing from next month i.e. in between February 4th to February 22nd, 2022 is in news for wrong reasons.

Mobile 113

Fraud Is On the Rise, and It's Going to Get Worse

Dark Reading

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud

The Rise of the 24/7 Security Scanning Access Point

Security Boulevard

An astonishing 90% of enterprise data breaches are caused by phishing attacks, costing businesses billions every year in lost revenue and downtime. Rogue devices are often the gateway to such attacks.

Russian cyberattacks on Ukraine raise IT security concerns

CSO Magazine

This past week has seen an inundation of notifications concerning Russia’s overt and covert efforts to set “their” stage to provide it with a pretext to invade Ukraine once again. The realpolitik of the Russian efforts and the media focus is on the likelihood of Russia taking this course of action.

CISO 113

Weekly Update 278

Troy Hunt

I recorded this a week after Charlotte appeared with me, fresh out of isolation with a negative COVID test. However. 9 year old Elle had tested positive on Monday (albeit entirely symptomatic, so no idea how long she'd been positive) but hey, hopefully she'd be clear today.

169
169

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

The Russian government said today it arrested 14 people accused of working for “ REvil ,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.

Are Fake COVID Testing Sites Harvesting Data?

Schneier on Security

Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results.