November, 2017

Here's What I'm Telling US Congress about Data Breaches

Troy Hunt

Last week I wrote about my upcoming congressional testimony and wow - you guys are awesome! Seriously, the feedback there was absolutely sensational and it's helped shape what I'll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you! As I explained in that first blog post, I'm required to submit a written testimony 48 hours in advance of the event.

Me on the Equifax Breach

Schneier on Security

Testimony and Statement for the Record of Bruce Schneier, Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School; Fellow, Berkman Center for Internet and Society at Harvard Law School. Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerce" before the Subcommittee on Digital Commerce and Consumer Protection.

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March 2016 to March 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums.

Supreme Court Must Understand That Cell Phones Aren’t Voluntary

WIRED Threat Level

Opinion: The US argues that police can access cell phone records freely because customers volunteer that data. But cell phones are no longer optional.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

New Report: Discovering Consumer Attitudes Toward Connected Car Security

Thales Cloud Protection & Licensing

At Thales eSecurity we are always eager to obtain data on how the world perceives threats to personal data, because it has the potential to inform us on how to make our everyday lives more safe and secure. Together with an independent firm, we recently conducted a survey of 1,000 consumers across the U.S. and UK and found that ownership of internet-connected cars is on the rise.

Average Organization Faced 8 DDoS Attacks a Day in Q3 2017

eSecurity Planet

That's a 35 percent increase over the previous quarter.

More Trending

Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

Schneier on Security

The security researchers at Princeton are posting. You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers.
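
As an added example that is not part of the Princeton study or Schneier's post, the JavaScript below models what a session-replay script actually collects (per-keystroke events, mouse positions and a serialised snapshot of the form, including values that were never submitted) and the redaction a site embedding such a script should require before anything is sent off-page. The SessionRecorder class, the field-name heuristic and the simulated login are constructed for illustration; it runs under Node on constructed events, where a browser deployment would feed the same recorder from addEventListener.

```javascript
// Added example: a minimal model of a session-replay recorder and the
// redaction step a site owner should insist on. Not any vendor's script.

const SENSITIVE_TYPES = new Set(['password', 'email', 'tel', 'number']);
// Heuristic for fields that are not type="password" but still hold secrets.
const SENSITIVE_NAME_RE = /(pass|pwd|secret|token|card|cvv|ssn|otp)/i;

function isSensitiveField(field) {
  return SENSITIVE_TYPES.has(field.type) ||
    SENSITIVE_NAME_RE.test(field.name || '') ||
    (field.autocomplete || '').startsWith('cc-');
}

class SessionRecorder {
  constructor({ redact = false } = {}) {
    this.redact = redact;
    this.buffer = [];
  }
  // Every keystroke is stored with the field it landed in. Without redaction
  // the secret is reconstructable one character at a time, whether or not the
  // form is ever submitted.
  onKey(field, key) {
    const masked = this.redact && isSensitiveField(field);
    this.buffer.push({ t: 'key', field: field.name, key: masked ? '*' : key });
  }
  onMouse(x, y) {
    this.buffer.push({ t: 'mouse', x, y });
  }
  // Replay scripts also serialise the page, including current form values.
  onSnapshot(fields) {
    const values = {};
    for (const f of fields) {
      values[f.name] = this.redact && isSensitiveField(f)
        ? '*'.repeat(f.value.length)
        : f.value;
    }
    this.buffer.push({ t: 'snapshot', values });
  }
  // A real script would hand this payload to navigator.sendBeacon(collectorUrl).
  flush() {
    const payload = JSON.stringify(this.buffer);
    this.buffer = [];
    return payload;
  }
}

// Constructed session: a user types credentials into a login form.
function simulateLogin(redact) {
  const rec = new SessionRecorder({ redact });
  const user = { name: 'username', type: 'text', value: '' };
  const pass = { name: 'password', type: 'password', value: '' };
  for (const ch of 'alice') { rec.onKey(user, ch); user.value += ch; }
  rec.onMouse(212, 140);
  for (const ch of 'hunter2') { rec.onKey(pass, ch); pass.value += ch; }
  rec.onSnapshot([user, pass]);
  return rec.flush();
}

// Recover the typed text for one field from a captured payload: exactly what
// the collector, or anyone who later breaches it, can do.
function reconstructField(payload, fieldName) {
  return JSON.parse(payload)
    .filter(e => e.t === 'key' && e.field === fieldName)
    .map(e => e.key)
    .join('');
}

console.log('unredacted password:', reconstructField(simulateLogin(false), 'password'));
console.log('redacted password:  ', reconstructField(simulateLogin(true), 'password'));
```

The point of the snapshot branch is that masking keystrokes alone is not enough: a DOM serialisation taken after the field is filled leaks the same value, so both paths have to go through the same sensitivity check.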

Suspect in Yahoo Breach Case Pleads Guilty

Dark Reading

Karim Baratov admits he worked on behalf of Russia's FSB.

Apple MacOS High Sierra Security Flaw Lets Anyone Get Root Access, No Password Required

WIRED Threat Level

A Turkish company found a glaring flaw in Apple's desktop operating system that gives anyone deep access, no password required.

How to lose your password

Thales Cloud Protection & Licensing

The tsunami of passwords that exist across every aspect of our digital life means that there’s a thriving underground industry of cyber-criminals trying to get at them. To borrow from Shakespeare’s Macbeth: “Each new morn, new widows howl, new orphans cry, new sorrows slap Internet giants on the face”. The modern era of mass data breaches perhaps began in 2009, with the hack of 32 million account credentials held by software developer RockYou, in which a SQL injection attack revealed that passwo

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Apple iPhone X Face ID Fooled by a Mask

Threatpost

Vietnamese security company Bkav says it has built a proof-of-concept mask that fools Apple’s Face ID technology.

I'm Testifying in Front of Congress in Washington DC about Data Breaches - What Should I Say?

Troy Hunt

There's a title I never expected to write! But it's exactly what it sounds like and on Thursday next week, I'll be up in front of US congress on the other side of the world testifying about the impact of data breaches. It's an amazing opportunity to influence decision makers at the highest levels of government and frankly, I don't want to stuff it up which is why I'm asking the question - what should I say?

Apple FaceID Hacked

Schneier on Security

It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. The article points out that the hack hasn't been independently confirmed, but I have no doubt it's true.

Samsung Pay Leaks Mobile Device Information

Dark Reading

Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

North Korea’s Missile Test Puts the Entire US in Range

WIRED Threat Level

The bad news: Tuesday's missile test shows that North Korea's ICBM can likely hit the US. The slightly less bad news: It's still a long way off from actually doing so.

Why the cybersecurity industry should care about Open Source maintenance

Thales Cloud Protection & Licensing

In June of this year, Thales eSecurity joined the Core Infrastructure Initiative (CII), a project both founded and managed by The Linux Foundation, with the aim of collaboratively enhancing and strengthening the security and resilience of critical Open Source projects. Many of the world’s largest technology companies already belong to the CII, with Thales being officially recognised as the first global security firm to join the initiative.

Hybrid Analysis Grows Up – Acquired by CrowdStrike

Lenny Zeltser

CrowdStrike acquired Payload Security, the company behind the automated malware analysis sandbox technology Hybrid Analysis, in November 2017. Jan Miller founded Payload Security approximately 3 years earlier. The interview I conducted with Jan in early 2015 captured his mindset at the onset of the journey that led to this milestone. I briefly spoke with Jan again, a few days after the acquisition.

Bypassing Browser Security Warnings with Pseudo Password Fields

Troy Hunt

It seems that there is no limit to human ingenuity when it comes to working around limitations within one's environment. For example, imagine you genuinely wanted to run a device requiring mains power in the centre of your inflatable pool - you're flat out of luck, right? Wrong! Or imagine there's a fire somewhere but the hydrant is on the other side of train tracks and you really want to put that fire out but trains have still gotta run too - what options are you left with?

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Man-in-the-Middle Attack against Electronic Car-Door Openers

Schneier on Security

This is an interesting tactic, and there's a video of it being used: The theft took just one minute and the Mercedes car, stolen from the Elmdon area of Solihull on 24 September, has not been recovered. In the footage, one of the men can be seen waving a box in front of the victim's house. The device receives a signal from the key inside and transmits it to the second box next to the car.

Insider Threats: Red Flags and Best Practices

Dark Reading

Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.

What Amazon Echo and Google Home Do With Your Voice Data—And How to Delete It

WIRED Threat Level

Like the idea of Amazon Echo and Google Home, but feel uneasy about all that recording? Here's what they listen to—and how to delete it.

‘Tis the season for proliferating payment options…and risk

Thales Cloud Protection & Licensing

It’s hard to believe that the holiday season is already upon us with both the biggest online and offline shopping events just around the corner. The one-two punch of Black Friday and Cyber Monday are the highest volume shopping days of the year and finding the best deals can be a hobby in itself. In 2016, 108.5 million Americans shopped online over the long weekend.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Ten Top Next-Generation Firewall (NGFW) Vendors

eSecurity Planet

Next-generation firewalls (NGFW) are essential to IT security and make up a $10 billion market. We review ten of the best.

I'm Joining Report URI!

Troy Hunt

What if I told you… that you can get visitors to your site to automatically check for a bunch of security issues. And then, when any are found, those visitors will let you know about it automatically. And the best bit is that you can set this up in a few minutes and add it to your site with zero risk. Or if you like, set it up so that it can automatically block certain types of attacks.
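
The mechanism behind that description is browser reporting: a Content-Security-Policy header tells each visitor's browser what the page may load, and a report-uri directive makes the browser POST a JSON report when something violates it, so the visitors do the checking. The JavaScript below is an added example, not Report URI's own code or anything from the post: it builds such a policy, shows the report-only header (collect without blocking) beside the enforcing one (block), and parses and aggregates the reports a collector receives. The collector URL, the policy sources and the sample reports are constructed placeholders.

```javascript
// Added example: CSP with report-uri, report-only versus enforcing headers,
// and a defensive parser for the browser-sent violation reports.

// Placeholder collector, not a real Report URI endpoint.
const REPORT_ENDPOINT = 'https://example.invalid/r/d/csp/reportOnly';

function buildPolicy(directives, reportUri) {
  const parts = Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`);
  parts.push(`report-uri ${reportUri}`);
  return parts.join('; ');
}

// Same policy, two header names: start report-only to learn what would break,
// then flip to enforcement once the reports are clean.
function cspHeader(policy, { enforce }) {
  const name = enforce ? 'Content-Security-Policy'
                       : 'Content-Security-Policy-Report-Only';
  return { [name]: policy };
}

// Browsers wrap the report in a "csp-report" object with hyphenated keys.
// The body comes from an untrusted client, so bound its size and type-check
// every field rather than trusting the shape.
function parseCspReport(body, maxLen = 4096) {
  if (typeof body !== 'string' || body.length > maxLen) return null;
  let r;
  try { r = JSON.parse(body)['csp-report']; } catch (e) { return null; }
  if (!r || typeof r !== 'object') return null;
  const str = k => (typeof r[k] === 'string' ? r[k] : '');
  return {
    document: str('document-uri'),
    directive: str('effective-directive') || str('violated-directive'),
    blocked: str('blocked-uri'),
    sourceFile: str('source-file'),
    line: Number(r['line-number']) || 0,
  };
}

// Aggregate by (directive, blocked URI) so one-off noise such as browser
// extensions separates from an unexpected script source hitting many pages.
function summarize(bodies) {
  const counts = new Map();
  for (const b of bodies) {
    const rep = parseCspReport(b);
    if (!rep) continue;
    const key = `${rep.directive} -> ${rep.blocked}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts.entries()].sort((a, b) => b[1] - a[1]);
}

const policy = buildPolicy({
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://cdn.example.com'],
  'object-src': ["'none'"],
}, REPORT_ENDPOINT);

// Constructed reports, shaped like what browsers send to the report-uri.
const SAMPLE_REPORTS = [
  JSON.stringify({ 'csp-report': {
    'document-uri': 'https://www.example.com/login',
    'violated-directive': 'script-src',
    'effective-directive': 'script-src',
    'original-policy': policy,
    'blocked-uri': 'https://evil.example.net/inject.js',
    'source-file': 'https://www.example.com/login',
    'line-number': 12,
  } }),
  JSON.stringify({ 'csp-report': {
    'document-uri': 'https://www.example.com/account',
    'violated-directive': 'script-src',
    'effective-directive': 'script-src',
    'original-policy': policy,
    'blocked-uri': 'https://evil.example.net/inject.js',
  } }),
  JSON.stringify({ 'csp-report': {
    'document-uri': 'https://www.example.com/',
    'violated-directive': 'script-src',
    'blocked-uri': 'chrome-extension',
  } }),
  '{"not":"a report"}',
];

console.log(cspHeader(policy, { enforce: false }));
console.log(summarize(SAMPLE_REPORTS));
```

Report-only is the zero-risk setup the post refers to, since nothing is blocked; the enforcing header with the same policy is the "automatically block" option, and the aggregation is what makes a handful of real findings visible above the extension and injection noise that any reporting endpoint receives.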

Warrant Protections against Police Searches of Our Data

Schneier on Security

The cell phones we carry with us constantly are the most perfect surveillance device ever invented, and our laws haven't caught up to that reality. That might change soon. This week, the Supreme Court will hear a case with profound implications on your security and privacy in the coming years. The Fourth Amendment's prohibition of unlawful search and seizure is a vital right that protects us all from police overreach, and the way the courts interpret it is increasingly nonsensical in our compute

DDoS Attack Attempts Doubled in 6 Months

Dark Reading

Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

'Vapor Wake' Explosive-Sniffing Dogs Help Protect the Thanksgiving Day Parade

WIRED Threat Level

This year, a team of Labrador retrievers trained to sniff out body-worn explosives will help lock down NYC's Macy's Thanksgiving Day Parade.

Why practical Blockchain must become a reality

Thales Cloud Protection & Licensing

In just a few short years, Bitcoin, the innovative cryptocurrency underpinned by Blockchain technology, has earned broad legitimacy and won plaudits from many top technologists, investors, and even bankers. With the concept now proven, attention has shifted to the technology behind Bitcoin in the hope that it might help to solve more problems than digital currency.

Hacking Blockchain with Smart Contracts to Control a Botnet

eSecurity Planet

Botract attack method revealed at SecTor security conference could enable a botnet to be as resilient and as distributed as the Ethereum blockchain itself.

The One Valuable Thing All Websites Have: Reputation (and Why It's Attractive to Phishers)

Troy Hunt

Here's something I hear quite a bit when talking about security things: Our site isn't a target, it doesn't have anything valuable on it. This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it's a perfectly reasonable position. They don't collect any credentials, they don't have any payment info and in many cases, the site is simply a static representation of content that rarely changes.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?