Schneier on Security
JANUARY 31, 2020
From a FOIA request, over a hundred old NSA security awareness posters. Here are the BBC's favorites. Here are Motherboard's favorites. I have a related personal story. Back in 1993, during the first Crypto Wars, I and a handful of other academic cryptographers visited the NSA for some meeting or another. These sorts of security awareness posters were everywhere, but there was one I especially liked -- and I asked for a copy.
Krebs on Security
JANUARY 31, 2020
On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JANUARY 21, 2020
Geez time flies. It's just a tad under 4 years ago that I wrote about teaching kids to code with code.org which is an amazing resource for young ones to start learning programming basics. In that post I shared a photo of my then 6-year-old son Ari holding a Lenovo Yoga 900 I gifted him as part of the Insiders program I'm involved in: He got a lot of mileage out of that machine and learned a lot about the basics of both code and using a PC.
Adam Levin
JANUARY 27, 2020
A subsidiary of Avast antivirus is selling sensitive user browsing data to many companies, including Revlon, Microsoft, Google, Yelp, Condé Nast, and TripAdvisor. According to a recent joint investigation by Vice’s Motherboard and PCMag, highly granular and sensitive user data from users of Avast antivirus is being repackaged and sold to companies via a subsidiary called Jumpshot which promises buyers of the data information on “Every search.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Last Watchdog
JANUARY 20, 2020
Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.
Tech Republic Security
JANUARY 29, 2020
Data privacy is an increasing concern for companies and individuals. Learn more about what's on the landscape for 2020.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Krebs on Security
JANUARY 20, 2020
A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others. Tucker Preston , 22, of Macon, Ga., pleaded guilty last week in a New Jersey court to one count of damaging protected computers by transmission of a program, code or command.
Troy Hunt
JANUARY 3, 2020
Cookies like to get around. They have no scruples about where they go save for some basic constraints relating to the origin from which they were set. I mean have a think about it: If a website sets a cookie then you click a link to another page on that same site, will the cookie be automatically sent with the request? Yes. What if an attacker sends you a link to that same website in a malicious email and you click that link, will the cookie be sent?
Adam Levin
JANUARY 15, 2020
An unsecured database discovered online has leaked thousands of baby photos and videos. . Bithouse, Inc. left unprotected and accessible online an Elasticsearch database containing nearly 100GB of information associated with its app Peekabo Moments. The leaked data includes photos, videos, and birthdates of babies, as well as 800,000 email addresses, location data as well as detailed device information. .
The Last Watchdog
JANUARY 29, 2020
A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers all possible attack landscapes that can be targeted by malicious parties.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
JANUARY 28, 2020
Here are 10 important tasks security administrators should perform to keep devices protected and secure.
Schneier on Security
JANUARY 22, 2020
It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service , a remote access protoco
Krebs on Security
JANUARY 28, 2020
In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.
Troy Hunt
JANUARY 24, 2020
Alright, let me get this off my chest first - I've totally lost it with these bloody Instamics. I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception). I was left with a zero-byte file on my unit which we tried to recover to no avail. It's not just that; the mobile app is clunky AF (Scott was demonstrating how many times he had to mash a button on his just to get it to connect to a mic),
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Adam Levin
JANUARY 21, 2020
The FBI has seized the domain of WeLeakInfo.com, an online service that sold data from hacked and breached websites. The domain seizure and termination of WeLeakInfo’s services was the result of a joint operation with the UK National Crime Agency, the Netherlands National Police Corps, the German Bundeskriminalamt (the Federal Criminal Police Office of Germany), and the Police Service of Northern Ireland. . “The website had claimed to provide its users a search engine to review and obtain
Adam Shostack
JANUARY 22, 2020
There’s a fascinating talk by Dan Luu, “ Files are Fraught With Peril. ” The talk itself is fascinating, in a horrifying, nothing works, we’re going to give up and raise goats now sort of way. He starts from the startling decision of Dropbox to drop support for all Linux filesystems except Ext4. This surprising decision stems from the fact that a filesystem is a leaky abstraction, The interaction between performance and reliability means that fsync behaves strangely.
Tech Republic Security
JANUARY 21, 2020
Among 60,000 large companies analyzed by security ratings company BitSight, almost 90% still have Windows 7 PCs in their environment.
Schneier on Security
JANUARY 29, 2020
To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy. Here's an article about Ralphs, a California supermarket chain owned by Kroger: the form proceeds to state that, as part of signing up for a rewards card, Ralphs "may collect" information such as "your level of education, type of employment, information about your health and information about insurance coverage y
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
JANUARY 24, 2020
If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers
Troy Hunt
JANUARY 13, 2020
In a continued bid to make breach data available to the government departments around the world tasked with protecting their citizens, I'm very happy to welcome the first country onto Have I Been Pwned for 2020 - Denmark! The Danish Centre for Cyber Security (CFCS) joins the existing 7 governments who have free and unbridled API access to query and monitor their gov domains.
Adam Levin
JANUARY 30, 2020
Avast will phase out Jumpshot, a subsidiary that sells user browsing data gleaned from its antivirus and security products. . “I – together with our board of directors – have decided to terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect,” Avast CEO Ondrej Vlcek announced in a blog , going on to say “that the data collection business is not inline with our privacy priorities in a company in 2020 and beyond.”.
Adam Shostack
JANUARY 16, 2020
In the last few days, we’ve seen two big stories in the realm of cryptography. The first is that SHA-1 breaks are now practical , and those practical breaks impact things like PGP and git. If you have code that depends on SHA-1, its time to fix that. If you have a protocol that uses SHA1, you need to rapidly version cycle. Thinking a bit more strategically, SHA-1 was designed by the NSA, and published in 1993.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JANUARY 29, 2020
Is a Linux SSH GUI in your future? Jack Wallen believes once you try Snowflake, there's no going back.
Schneier on Security
JANUARY 23, 2020
This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.
Krebs on Security
JANUARY 29, 2020
Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called “Social Care” was being indexed by search engines, and that several months worth of postings about customer complaints and other issues w
Troy Hunt
JANUARY 18, 2020
We're in Norway! More specifically, Scott Helme and I are in Hafjell and recording this after a day on the snow before heading back to Oslo and the NDC Security conference next week. For now though, we're talking about some really screwy global roaming behaviour with telcos, the Danish gov coming onto HIBP, babies in data breaches and the takedown of We Leak Info.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Adam Levin
JANUARY 9, 2020
Currency exchange giant Travelex has effectively been taken offline by a ransomware attack. . The attack was first detected the night of December 31. Soon after, the company took its systems offline. A week later, Travelex is processing transactions with pen and paper at its 1,200 branches located in more than 70 countries. . “To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted.
Thales Cloud Protection & Licensing
JANUARY 28, 2020
January 28, 2020 marks the 13th iteration of Data Privacy Day. An extension of the celebration for Data Protection Day in Europe, Data Privacy Day functions as the signature event of the National Cyber Security Centre’s ongoing education and awareness efforts surrounding online privacy. Its aim is to foster dialogue around the importance of privacy.
Tech Republic Security
JANUARY 29, 2020
The latest version of the BitWarden Android client supports facial recognition. Find out how to enable it.
Schneier on Security
JANUARY 31, 2020
The Department of Interior is grounding all non-emergency drones due to security concerns: The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing Beijing to conduct espionage. The Army banned the use of Chinese-made DJI drones three years ago following warnings from the Navy about "highly vulnerable" drone systems.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
352 
Let's personalize your content