There has been a lot of toxicity in the comments section of this blog. I’ve been able to maintain an anonymous comment section on this blog for almost twenty years. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. Maybe its time is up.
When I announced the book in April, I explained how Rob Conery has helped me curate a collection of blog posts. Rob has a solid track record of producing awesome books so when he said "Hey Troy, I reckon the stories behind these blog posts would make a great book", he had my attention.
When I started blogging a dozen years ago, the world was different. Over time, I ended up with at least two main blogs (Emergent Chaos and New School), and guest posting at Dark Reading, IANS, various Microsoft blogs, and other places.
It's not LinkedIn posts or Tweets, but a real live blog. Phil Venables is one of the more reflective and thoughtful CSOs out there, and in this era where everything is a tweet or a linkedin post (sigh) you may have missed that Phil has a blog. This Labor day, why not take the time to catch up on his writing?
What were the top government technology and cybersecurity blog posts in 2024? The metrics tell us what cybersecurity and technology infrastructure topics were most popular.
CyberDB was kind enough to include us in their "Best Cyber Security News Blogs 2018." There are some standbys and some I wasn't familiar with on the list. Thank you for including us!
Making it easier to check feed updates As I migrate adam.shostack.org and various predecessors to this cool new site (hey, take a minute, look around!), I wanted to add a post that helps you see that you have the latest feed as of August 2021 in your feed reader. This is that post. Photo by Katerina Kerdi on Unsplash.
He’s written a blog post about what he’s learned and what comes next. Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director.
Original blog post. It’s the “evil maid attack.” It requires physical access to your computer, but you leave it in your hotel room all the time when you go out to dinner.
There'd be no open source Pwned Passwords if nobody wanted to contribute, no live streams or blog posts if people didn't want to watch them and no conference talks if nobody attended. Cool 😎 But it has to be said that all these things only happen through the support of the community.
It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. If you follow Information Security at all you are surely aware of the LastPass breach situation.
On this blog, let’s stick to the tech and the security ramifications of the threat. And it seems to be a large detonation for an overloaded battery. This reminds me of the 1996 assassination of Yahya Ayyash using a booby trapped cellphone. EDITED TO ADD: I am deleting political comments.
There’s a lot of detail in the Apple blog post, and more in Douglas Stebila’s security analysis. Apple announced PQ3, its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. I am of two minds about this.
If there is any moral to this, it’s one that all of my blog readers should already know: trust is essential to security. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat. This operation, code-named Trojan Shield, is the first time law enforcement managed an app from the beginning.
Through this analysis, we illuminate key and novel patterns in misuse during this time period, including potential motivations, strategies, and how attackers leverage and abuse system capabilities across modalities (e.g. image, text, audio, video) in the wild. Note the graphic mapping goals with strategies.
found no expired certificates on the server, as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation. However, jabber.ru
The domain mentioned at the beginning of this story — fedetwitter.com — redirects users to the blog of a Japanese technology enthusiast. The domain setwitter.com, which Twitter/X until very recently rendered as “sex.com,” redirects to this blog post warning about the recent changes and their potential use for phishing.
I linked to the story from the beginning of this blog post and got a handful of willing respondents for whom I sent their data and asked two simple questions: Does this data look accurate? As I said in the intro, this is not the conclusive end I wanted for this blog post.
I was pretty excited when I saw PRs coming in right after launching that last blog post. To be clear, this is a voluntary role and the main reason I'm here writing this blog post is for complete transparency and so that when someone other than me starts approving PRs, everyone knows why. Code enhancements. Framework updates.
“A few hours ago, we lost access to the public part of our infrastructure,” the message continues, explaining the outage affected its victim shaming blog where stolen data is published from victims who refuse to pay a ransom. This word has become dangerous and toxic.”
We pushed out the code, published the blog post, dusted ourselves off and that was that. The k-anonymity API is lovely and that's not just me saying that, that's people voting with their feet: That's already 58% by volume from my December blog post, only 5 months ago to the day.
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#3 in the series), we will start to define and refine our detection engineering machinery to avoid the problems covered in Parts 1 and 2. Stay tuned!
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7 and #8).
Things like speaking at events, writing blog posts, and, of course, running Have I Been Pwned. Indulge me while I go off on a bit of a tangent here: like the other things in my professional life that have turned into a success, the things I did to earn that first MVP award were things I was going to do anyway.
There’s a lot more in the blog post. As this verification does not take place, an attacker is able to display the edited data on the Service NSW application without any preventative factors.
This blog shows how. See what you make of this one, I'm sure there'll be insights come to light on this yet. The National Public Data (NPD) breach is bad, but it's also not 2.x
On Monday, the company said in a blog post that there’s no need to worry about that. This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out.
Discussing the value of Security Advisory Boards Lance Cottrell has a blog, The Why and How of High ROI Security Advisory Boards, over at the Ntrepid blog. I'm pleased to be a part of the board he's discussing, and will quibble slightly: I don't think it's easy to maximize the value of the board.
I touch on it in the blog post but imagine all the different stuff I have to spread myself across to run this thing, and how much time is left for actual coding. Ah, episode 401, the unauthorised one! Ok, that was terrible, but what's not terrible is finally getting some serious dev resources behind HIBP.
In last year's MVP announcement blog post, I talked about one of my favourite contributions of all that year being the Pwned Passwords ingestion pipeline for the FBI.
ET: Okta has published a blog post about this incident that includes some “indicators of compromise” that customers can use to see if they were affected. ET: BeyondTrust has published a blog post about their findings. However, she did say the company believes this is an adversary they have seen before. Update, 2:57 p.m.
A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. “When the project team clicks the link, they encounter a region access restriction,” SlowMist wrote.
Tracki: You don't need spy software when you have spy hardware (but they're pretty much cut from the same cloth as mSpy). Bounty beggar 1: you have no XFO header (and then his PoC didn't work).
He explains it all in his blog post. If your computer is infected by malware, then it can already present to you a bogus website that instructs you to follow a different protocol, one that is cheatable. To demonstrate this, I built a proof-of-concept demonstration.
In a blog post, Microsoft’s Security Response Center said it was delayed in developing fixes for the vulnerability in Windows Server 2016, Windows 10 version 1607, and Windows Server 2012.
Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Cutout.Pro got breached and 20M email addresses leaked (for the most part, an unremarkable incident) I've stood up a GitHub repo to start collaborating on the HIBP UX redesign (consider this a "soft launch" for the moment, I'll blog about it later (..)
The Board reaches this conclusion based on: the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed; Microsoft’s failure to detect the compromise of its cryptographic crown jewels on its own, relying instead on a customer to reach out to identify anomalies the customer had observed; the Board’s assessment of security practices (..)