Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. I wrote many blog posts about doing big things for small dollars and did talks all over the world about the great success I'd had with these approaches.

Passwords 363

Passwords Accountability Firewall Risk 363

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.

Mobile 364

Mobile Accountability Insurance Government 364

Joseph Steinberg

JANUARY 19, 2022

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data. The ability to leverage quantum physics in order to create immense multi-dimensional representations of data, and to simultaneously analyze many values within those structures, will give these emerging mathematical powerhouses the ability to quickly crack most, if not all, of the standard asymmetric and symmetric encryption utilized to today pr

Encryption 363

Encryption Backups Banking Artificial Intelligence 363

Schneier on Security

JANUARY 18, 2022

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help — but since that’s not really the point, it’s not argued on its merits.

Encryption 351

Encryption Government Advertising Marketing 351

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Anton on Security

JANUARY 10, 2022

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF]. If you missed them, the previous papers are: “Future of the SOC: Forces shaping modern security operations” [PDF] (Paper 1 of 4) “Future of the SOC: SOC People?

Engineering 339

Engineering Technology Cybersecurity 339

The Last Watchdog

JANUARY 6, 2022

Cyber threats continue to gain momentum and there are still not enough ways to counter it. Related: Why the ‘Golden Age’ of cyber espionage is upon us. The global threat intelligence market size was estimated at $10.9 billion in 2020 and will grow to $16.1 billion by 2025. Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018.

Marketing 279

Marketing Software Surveillance Information Security 279

Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Antivirus 362

Antivirus Cryptocurrency Identity Theft Software 362

Joseph Steinberg

JANUARY 20, 2022

Zero Trust. A seemingly simple term that appears in pitches sent to me several times a day by cybersecurity product and services vendors that are seeking media exposure. And, in many (if not most cases), the term is being misused – even by the very vendors who claim to be the ones delivering zero trust to the world. So, let’s cut through the marketing fluff and understand what Zero Trust is – and, even before that that, what Zero Trust Is not.

Cybersecurity 361

Cybersecurity Artificial Intelligence Ransomware Social Engineering 361

Schneier on Security

JANUARY 21, 2022

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped.

Surveillance 345

Surveillance Encryption Wireless Government 345

Lohrman on Security

JANUARY 23, 2022

Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?

Cyber Attacks 268

Cyber Attacks Cyber threats 268

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

JANUARY 11, 2022

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector. Last August, NTT , the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community

Big data 279

Big data Healthcare Technology Government 279

Troy Hunt

JANUARY 8, 2022

Well that all changed very quickly. One week ago, I was like "I'm going to do this video from somewhere really epic next week" A few hours after that video, the host of the drinks we'd gone to over the road the day before told us she had symptoms. Another few hours later and she's COVID positive. A few days after that and Charlotte is positive too.

282

282

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it.

Cryptocurrency 357

Cryptocurrency Computers and Electronics Antivirus Identity Theft 357

Joseph Steinberg

JANUARY 26, 2022

The FBI recently warned the public that many people are still falling prey to a Google Voice scam that the FTC warned about months ago. Here is what you need to know to keep yourself safe: What is the common Google Voice scam about which the FBI warned? The particular Google Voice scam that is presently wreaking havoc involves a fraudster contacting a would-be victim – for our case let’s assume that they are targeting you – perhaps in response to a post that you made offering something for sale

Scams 321

Scams Authentication Accountability Artificial Intelligence 321

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

JANUARY 20, 2022

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also violated San Francisco’s new Surveillance Technology Ordinance.

Surveillance 344

Surveillance Technology 344

Anton on Security

JANUARY 12, 2022

This post is perhaps a little basic for true SIEM literati, but it covers an interesting idea about SIEM’s role in today’s security. I suspect that this topic will become even more fascinating in light of the appearance of XDR ?—?but more on this a bit later… So let’s talk about what’s to the left and to the right of SIEM. Note that this has nothing to do with the “shift left” of software development.

Data collection 243

Data collection Architecture Software Media 243

The Last Watchdog

JANUARY 27, 2022

Merger and acquisition (M&A) activity hit record highs in 2021, and isn’t expected to slow down anytime soon. Related: Stolen data used to target mobile services. Many attribute this steady growth to the increase in work-from-home models and adoption of cloud services since the beginning of the COVID-19 pandemic. Such consolidation across markets is good news for customers and vendors alike in terms of market growth and maximizing security investments.

Marketing 265

Marketing Data privacy Risk Accountability 265

Troy Hunt

JANUARY 21, 2022

It's mostly breaches this week and that's mostly business as usual, except for one. I didn't know whether I should speak about the one that frankly, upset me, but I felt it would be somewhat disingenuous not to. I couldn't on the one hand build out this "brand", for want of a better term, of transparency and then just shelve a breach and not talk about it because it's too uncomfortable.

Retail 270

Retail 270

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JANUARY 21, 2022

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club , a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.

Hacking 321

Hacking Cybercrime Authentication Passwords 321

Joseph Steinberg

JANUARY 4, 2022

Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum last year, will continue serving as a member throughout 2022. In 2021, based on Steinberg’s proven expertise in the fields of cybersecurity, privacy, and artificial intelligence, the premier news outlet invited him to join its community of pioneering thinkers and industry leaders, and to provide input related to his areas of expertise.

Artificial Intelligence 239

Artificial Intelligence CISO Technology Cybersecurity 239

Schneier on Security

JANUARY 28, 2022

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if she could prove that the postal address for this “federal authority” actually leads to the intelligence service’s apparent offices. “To understa

Telecommunications 341

Telecommunications Government 341

Lohrman on Security

JANUARY 16, 2022

There were new developments in 2021 regarding implanting microchips into humans. So what plans were announced for 2022? And just as important, what are the privacy and security ramifications?

226

226

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Last Watchdog

JANUARY 4, 2022

APIs are putting business networks at an acute, unprecedented level of risk – a dynamic that has yet to be fully acknowledged by businesses. Related: ‘SASE’ framework extends security to the network edge. That said, APIs are certain to get a lot more attention by security teams — and board members concerned about cyber risk mitigation — in 2022.

Digital transformation 260

Digital transformation Hacking Architecture Cyber Risk 260

Troy Hunt

JANUARY 13, 2022

I recorded this a week after Charlotte appeared with me, fresh out of isolation with a negative COVID test. However. 9 year old Elle had tested positive on Monday (albeit entirely symptomatic, so no idea how long she'd been positive) but hey, hopefully she'd be clear today. Yeah, nah and to top it off, 12 year old Ari was positive. Also entirely asymptomatic (and double-vaxed) so instead of ending today with our freedom, we're ending day 15 of our ongoing isolation in, well, more

224

224

Krebs on Security

JANUARY 28, 2022

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.

Ransomware 309

Ransomware Accountability Cybercrime Malware 309

Tech Republic Security

JANUARY 20, 2022

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.

218

218

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Schneier on Security

JANUARY 6, 2022

DuckDuckGo has had a banner year : And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% jump over 2020 (23.6 billion). That’s big. Even so, the company, which bills itself as the “Internet privacy company,” offering a search engine and other products designed to “empower you to seamlessly take control of your personal information online without any tradeoffs,” remains a rounding error compared to Google

Engineering 339

Engineering Internet Internet 339

Lohrman on Security

JANUARY 9, 2022

What were the top government security blog posts in 2021? These metrics tell us what cybersecurity and technology infrastructure topics were most popular in the past year.

Cybersecurity 215

Cybersecurity Government Technology 215

The Last Watchdog

JANUARY 13, 2022

Last month’s $125 million Security and Exchange Commission (SEC) fine combined with the $75 million U.S. Commodity Futures Trading Commission (CFTC) fine against JPMorgan sent shockwaves through financial and other regulated customer-facing industries. Related: Why third-party risks are on the rise. According to a SEC release , hefty fines brought against JPMorgan, and its subsidiaries were based on “widespread and longstanding failures by the firm and its employees to maintain and preserve writ

Mobile 254

Mobile Encryption Risk 254

Anton on Security

JANUARY 20, 2022

20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course. With this post, I wanted to briefly reflect on this ominous anniversary. Where do we begin? Let’s start with a sad fact that some of the problems that plagued the SIM/SEM of late 1990s and early 2000s are still with us today in 2022.

Technology 211

Technology Engineering Data collection Firewall 211

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity