May, 2018

article thumbnail

1834: The First Cyberattack

Schneier on Security

Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements.

Scams 250
article thumbnail

Welcoming the Spanish Government to Have I Been Pwned

Troy Hunt

A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely,gov.uk and.gov.au - as well as across a handful of their other whitelisted gov domains on other TLDs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How WIRED Lost $100,000 in Bitcoin

WIRED Threat Level

We mined roughly 13 Bitcoins and then ripped up our private key. We were stupid—but not alone.

112
112
article thumbnail

Technical Writing Tips for IT Professionals

Lenny Zeltser

This cheat sheet offers guidelines for IT professionals seeking to improve technical writing skills. To print it, use the one-page PDF version; you can also customize the Word version of the document. General Recommendations. Determine your write-up’s objectives and audience. Keep the write-up as short and simple as possible to achieve the objectives.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How to Prevent SQL Injection Attacks

eSecurity Planet

Your company's website does not have to be the next victim of a SQL injection breach. Here's how to prevent SQL injection attacks.

109
109
article thumbnail

Attacks against machine learning — an overview

Elie

This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs. , which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.

More Trending

article thumbnail

Weekly Update 87

Troy Hunt

We're on a beach! It's the day after 3 pretty intense days of NDC conference and the day before Scott heads back to the UK so beach was an easy decision. The conference went fantastically well and, in all honesty, was the most enjoyable workshop I think I've done out of ~50 of them these last few years. NDC will be back on the Gold Coast next yet, plus of course it will be in Oslo in a few weeks' time then Sydney in September where we'll both do it all again.

138
138
article thumbnail

Stealthy, Destructive Malware Infects Half a Million Routers

WIRED Threat Level

Cisco researchers discover a new router malware outbreak that might also be the next cyberwar attack in Ukraine.

Malware 111
article thumbnail

Get Ready for 'WannaCry 2.0'

Dark Reading

Another widespread worm attack is "inevitable," but spreading a different more lucrative or destructive payload, experts say.

95
article thumbnail

Who’s more of a threat – insiders or external threat actors?

Thales Cloud Protection & Licensing

In past years’ Thales Data Threat Reports, we asked IT security pros around the world separate questions about whom they believed were the riskiest internal threats and external threats. The results were useful but didn’t allow us to compare which category proved most worrisome. This year, we restructured the two separate questions into a single one, and that gave us some very interesting results about who worries these IT security professionals the most.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Attacks against machine learning — an overview

Elie

This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs. , which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.

article thumbnail

Details on a New PGP Vulnerability

Schneier on Security

A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails.

article thumbnail

AusCERT and the Award for Information Security Excellence

Troy Hunt

I've been at the AusCERT conference this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: Off to #AusCERT2018 ! It’s all blue outside today, what an awesome day for a short walk from home ??

article thumbnail

The Untold Story of Robert Mueller's Time in the Vietnam War

WIRED Threat Level

Special Counsel Robert Mueller’s job is to make sense of how Russia hacked the 2016 election. But to make sense of Mueller, you have to revisit some of the bloodiest battles of Vietnam.

Hacking 112
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net

Dark Reading

One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.

91
article thumbnail

Mapping the threat: an insight into data breaches across Europe

Thales Cloud Protection & Licensing

According to Thales eSecurity’s latest Data Threat Report, European Edition , almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. It’s no surprise feelings of vulnerability are high, with just 8 per cent of businesses not feeling at risk.

article thumbnail

Communicating About Cybersecurity in Plain English

Lenny Zeltser

When cybersecurity professionals communicate with regular, non-technical people about IT and security, they often use language that virtually guarantees that the message will be ignored or misunderstood. This is often a problem for information security and privacy policies, which are written by subject-matter experts for people who lack the expertise.

article thumbnail

Critical PGP Vulnerability

Schneier on Security

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote : We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

New Pluralsight Course: The Role of Shadow IT and How to Bring it out of the Darkness

Troy Hunt

It's a new Pluralsight course! Yes, I know I said that yesterday too , but this is a new new Pluralsight course and it's the second part in our series on Creating a Security-centric Culture. As I wrote there back in Jan, we're doing this course on a quarterly basis and putting it out in front of the paywall so in other words, it's free! It's also a combination of video and screencast which means you see a lot of this: As for the topic in the title, shadow IT has always been an interesting one an

article thumbnail

How to Keep Hackers Out of Your Facebook and Twitter Accounts

WIRED Threat Level

Scammers, pranksters, and bad actors all want to break into whatever social media accounts they can. Here's how to keep yours safe.

article thumbnail

Most Expensive Data Breaches Start with Third Parties: Report

Dark Reading

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

article thumbnail

GandCrab Ransomware Found Hiding on Legitimate Websites

Threatpost

The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The DHS Cybersecurity Strategy: Five Pillars of Cybersecurity Goals

Thales Cloud Protection & Licensing

The recent DHS Cybersecurity Strategy was released at a crucial time when today’s cyberspace has become a new frontier for warfare for both nation states and criminal hackers. And as we continue to move into an era of digital transformation and interconnectedness, there is increasing concern among organizations and average citizens around the security of sensitive data.

article thumbnail

Sending Inaudible Commands to Voice Assistants

Schneier on Security

Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant.

article thumbnail

New Pluralsight Course: JavaScript Security Play by Play

Troy Hunt

Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now. But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell who spends his life writing JS things.

124
124
article thumbnail

New Rowhammer Attack Hijacks Android Smartphones Remotely

WIRED Threat Level

Dutch researchers have pushed the mind-bending Rowhammer hacking technique one more step towards a practical attack.

Hacking 112
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Cracking 2FA: How It's Done and How to Stay Safe

Dark Reading

Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.

article thumbnail

Critical Linux Flaw Opens the Door to Full Root Access

Threatpost

The vulnerability allows an attacker to execute a malware or other payloads on a client machine by sending malicious messages from the DHCP server.

Malware 63
article thumbnail

Attacks against machine learning — an overview

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

article thumbnail

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It's a weird article. It paints Ozzie's proposal as something that "attains the impossible" and "satisfies both law enforcement and privacy purists," when (1) it's barely a proposal, and (2) it's essentially the same key escrow scheme we've been hearing about for decades.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?