November, 2017


Here's What I'm Telling US Congress about Data Breaches

Troy Hunt

Last week I wrote about my upcoming congressional testimony and wow - you guys are awesome! Seriously, the feedback there was absolutely sensational and it's helped shape what I'll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you! As I explained in that first blog post, I'm required to submit a written testimony 48 hours in advance of the event.


Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

Schneier on Security

The security researchers at Princeton are posting. You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers.



Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March, 2016–March, 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on black-market forums.


Apple MacOS High Sierra Security Flaw Lets Anyone Get Root Access, No Password Required

WIRED Threat Level

A Turkish company found a glaring flaw in Apple's desktop operating system that gives anyone deep access, no password required.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


New Report: Discovering Consumer Attitudes Toward Connected Car Security

Thales Cloud Protection & Licensing

At Thales eSecurity we are always eager to obtain data on how the world perceives threats to personal data, because it has the potential to inform us on how to make our everyday lives more safe and secure. Together with an independent firm, we recently conducted a survey of 1,000 consumers across the U.S. and UK and found that ownership of internet-connected cars is on the rise.


Average Organization Faced 8 DDoS Attacks a Day in Q3 2017

eSecurity Planet

That's a 35 percent increase over the previous quarter.


Man-in-the-Middle Attack against Electronic Car-Door Openers

Schneier on Security

This is an interesting tactic, and there's a video of it being used: The theft took just one minute and the Mercedes car, stolen from the Elmdon area of Solihull on 24 September, has not been recovered. In the footage, one of the men can be seen waving a box in front of the victim's house. The device receives a signal from the key inside and transmits it to the second box next to the car.


Suspect in Yahoo Breach Case Pleads Guilty

Dark Reading

Karim Baratov admits he worked on behalf of Russia's FSB.


Uber Hid 57-Million User Data Breach For Over a Year

WIRED Threat Level

The ridesharing service's latest scandal combines routine security negligence with an "appalling" coverup.


How to lose your password

Thales Cloud Protection & Licensing

The tsunami of passwords that exist across every aspect of our digital life means that there’s a thriving underground industry of cyber-criminals trying to get at them. To borrow from Shakespeare’s Macbeth: “Each new morn, new widows howl, new orphans cry, new sorrows slap Internet giants on the face”. The modern era of mass data breaches perhaps began in 2009, with the hack of 32 million account credentials held by software developer RockYou, in which a SQL injection attack revealed that passwo


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Hacking Blockchain with Smart Contracts to Control a Botnet

eSecurity Planet

Botract attack method revealed at SecTor security conference could enable a botnet to be as resilient and as distributed as the Ethereum blockchain itself.


Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI

Troy Hunt

I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. As it turns out, breaking websites is a heap of fun (with the obvious caveats) and people really get into the exercises. The first one that starts to push people into territory that's usually unfamiliar to builders is the module on XSS.


Google's Data on Login Thefts

Schneier on Security

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. [...] Our research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging.


Samsung Pay Leaks Mobile Device Information

Dark Reading

Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


'Vapor Wake' Explosive-Sniffing Dogs Help Protect the Thanksgiving Day Parade

WIRED Threat Level

This year, a team of Labrador retrievers trained to sniff out body-worn explosives will help lock down NYC's Macy's Thanksgiving Day Parade.


Why the cybersecurity industry should care about Open Source maintenance

Thales Cloud Protection & Licensing

In June of this year, Thales eSecurity joined the Core Infrastructure Initiative (CII), a project both founded and managed by The Linux Foundation, with the aim of collaboratively enhancing and strengthening the security and resilience of critical Open Source projects. Many of the world’s largest technology companies already belong to the CII, with Thales being officially recognised as the first global security firm to join the initiative.


Ten Top Next-Generation Firewall (NGFW) Vendors

eSecurity Planet

Next-generation firewalls (NGFW) are essential to IT security and make up a $10 billion market. We review ten of the best.


Bypassing Browser Security Warnings with Pseudo Password Fields

Troy Hunt

It seems that there is no limit to human ingenuity when it comes to working around limitations within one's environment. For example, imagine you genuinely wanted to run a device requiring mains power in the centre of your inflatable pool - you're flat out of luck, right? Wrong! Or imagine there's a fire somewhere but the hydrant is on the other side of train tracks and you really want to put that fire out but trains have still gotta run too - what options are you left with?


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Apple FaceID Hacked

Schneier on Security

It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. The article points out that the hack hasn't been independently confirmed, but I have no doubt it's true.


Insider Threats: Red Flags and Best Practices

Dark Reading

Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.


How to Lock Down Your Facebook Privacy Settings

WIRED Threat Level

Friends, friends of friends, advertisers; keeping track of Facebook's privacy settings can get confusing. Here's how to get yours just right.


‘Tis the season for proliferating payment options…and risk

Thales Cloud Protection & Licensing

It’s hard to believe that the holiday season is already upon us with both the biggest online and offline shopping events just around the corner. The one-two punch of Black Friday and Cyber Monday are the highest volume shopping days of the year and finding the best deals can be a hobby in itself. In 2016, 108.5 million Americans shopped online over the long weekend.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


How the Government of Canada Plans To Set CyberSecurity Policy

eSecurity Planet

At SecTor security conference, the Director General for National Cyber Security in the Government of Canada details her government's policies for keeping Canadians safe online.


I'm Joining Report URI!

Troy Hunt

What if I told you... that you can get visitors to your site to automatically check for a bunch of security issues. And then, when any are found, those visitors will let you know about it automatically. And the best bit is that you can set this up in a few minutes and add it to your site with zero risk. Or if you like, set it up so that it can automatically block certain types of attacks.


Hacking a Fingerprint Biometric

Schneier on Security

Embedded in this story about infidelity and a mid-flight altercation, there's an interesting security tidbit: The woman had unlocked her husband's phone using his thumb impression when he was sleeping.


DDoS Attack Attempts Doubled in 6 Months

Dark Reading

Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How One Woman's Digital Life Was Weaponized Against Her

WIRED Threat Level

A rare court case exposes the all-too-common horror of online harassment that followed when one woman broke off a relationship.


Why practical Blockchain must become a reality

Thales Cloud Protection & Licensing

In just a few short years, Bitcoin, the innovative cryptocurrency underpinned by Blockchain technology, has earned broad legitimacy and won plaudits from many top technologists, investors, and even bankers. With the concept now proven, attention has shifted to the technology behind Bitcoin in the hope that it might help to solve more problems than digital currency.


How to Achieve an Optimal Security Posture

eSecurity Planet

Complete and total security is impossible, so which IT security technologies will get you to your ideal security posture? We outline your options.


The One Valuable Thing All Websites Have: Reputation (and Why It's Attractive to Phishers)

Troy Hunt

Here's something I hear quite a bit when talking about security things: Our site isn't a target, it doesn't have anything valuable on it. This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it's a perfectly reasonable position. They don't collect any credentials, they don't have any payment info and in many cases, the site is simply a static representation of content that rarely changes.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.