Troy Hunt

NOVEMBER 22, 2019

Until this month, I'd never heard of People Data Labs (PDL). I'd certainly heard of the sector they operate in - "Data Enrichment" - but I'd never heard of the company itself. I've become more familiar with this sector over recent years due to the frequency with which it's been suffering data breaches that have ultimately landed in my inbox. For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo dat

Data breaches 360

Data breaches Technology Software Accountability 360

Krebs on Security

NOVEMBER 22, 2019

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business, but also to the untimely demise of some patients.

Ransomware 354

Ransomware Computers and Electronics Healthcare Data breaches 354

Adam Levin

NOVEMBER 26, 2019

One terabyte of data belonging to a major hotel booking platform was found leaked online. A huge trove of customer data belonging to Gekko Group was found online in an unsecured format. The data contained a wide array of records, including full names, credit card details, client login information, email addresses, home addresses and hotel reservations.

B2B 295

B2B Spyware VPN Phishing 295

Schneier on Security

NOVEMBER 20, 2019

Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good. AccessNow has a global campaign to stop Internet shutdowns.

Internet 256

Internet Internet 256

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

NOVEMBER 26, 2019

There's not a one-size-fits-all approach to cybersecurity. Learn some of the common mistakes and how you can get on the right path.

Cybersecurity 212

Cybersecurity 212

Adam Shostack

NOVEMBER 13, 2019

The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it.

Accountability 184

Accountability Technology Engineering Software 184

Krebs on Security

NOVEMBER 26, 2019

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.

Marketing 347

Marketing Cybercrime Retail Advertising 347

The Last Watchdog

NOVEMBER 4, 2019

An undercurrent of discontent is spreading amongst knowledge workers in enterprises across the United States and Europe. Related: Phishing-proof busy employees White collar employees today have amazingly capable communications and collaboration tools at their beck and call. Yet the majority feel unsatisfied with narrow daily assignments and increasingly disconnected from the strategic goals of their parent organization.

B2B 180

B2B Technology Software Media 180

Schneier on Security

NOVEMBER 22, 2019

The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network. Introducing this capability into an enterprise enhances visibility within boundary security products, but introduces new risks.

Encryption 249

Encryption Risk 249

Tech Republic Security

NOVEMBER 28, 2019

As cloud complexity increases, hackers are relying on more targeted attacks, scoping out weak points across a larger attack surface.

Cybersecurity 211

Cybersecurity 211

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Levin

NOVEMBER 20, 2019

Macy’s has informed customers of an e-skimming data breach following the discovery of Magecart malware on its website. In a letter to affected customers, the retailer said that it had detected malware on its e-commerce website on October 15 and that it had been active for a little over a week. . “The unauthorized code was highly specific and only allowed the third party party to capture information submitted by customers,” stated the letter, explaining that user-submitted data on the site’s chec

Data breaches 176

Data breaches Retail Malware Cybersecurity 176

Troy Hunt

NOVEMBER 17, 2019

Over the last couple of years, I've been increasingly providing governments with better access to their departments' data exposed in breaches by giving them free and unfettered API access to their domains. As I've been travelling around the world this year, I've been carving out time to spend with governments to better understand the infosec challenges they're facing and the role HIBP can play in helping them tackle those challenges.

Government 237

Government InfoSec 237

Krebs on Security

NOVEMBER 25, 2019

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. Apparently, I’m not alone. “I believe this is the first time I’ve seen a camera on a gas pump with a Bluetooth card skimmer,” said Detective Matt Jogodka of the Las Vegas Police Departm

Banking 346

Banking Wireless Encryption Mobile 346

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. The latter knows how to carry out a DLL injection hack — to cheat the game score.

Firmware 174

Firmware Hacking Software Surveillance 174

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

NOVEMBER 29, 2019

Interesting research: " TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents ": Abstract: : Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training process.

237

237

Tech Republic Security

NOVEMBER 29, 2019

Credential stuffing attacks pose a significant risk to consumers and businesses. Learn how they work and what you can do about them.

Risk 201

Risk 201

Adam Levin

NOVEMBER 19, 2019

Data belonging to more than 450,000 players of popular online games were exposed on an unprotected database accessible online. Wizards of the Coast, the company behind games such as Magic: The Gathering , MTG Arena , and Magic Online accidentally left a database unprotected on an online Amazon Web Services storage bucket. The first and last names, email addresses, and passwords of 452,634 players and 470 employees were exposed.

Data breaches 145

Data breaches Passwords Cybersecurity 145

Troy Hunt

NOVEMBER 24, 2019

Kangaroos! I've been trying to line these guys up for weeks to no avail but finally, they've delivered. Speaking of delivering, I actually got 3 blog posts out this week which I've not done for a while, the most significant of which relates to "data enrichment" companies (also often referred to as "data aggregators"). I have a fundamental issue with the very premise of how these firms operate and I'm getting a little sick of finding my own data in there.

VPN 236

VPN Surveillance Banking Data breaches 236

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

NOVEMBER 7, 2019

Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes.

Data breaches 259

Data breaches Healthcare Ransomware Cyber threats 259

The Last Watchdog

NOVEMBER 6, 2019

From the start, two-factor authentication, or 2FA , established itself as a simple, effective way to verify identities with more certainty. Related: A primer on IoT security risks The big hitch with 2FA, and what it evolved into – multi-factor authentication, or MFA – has always been balancing user convenience and security. That seminal tension still exists today even as the global cybersecurity community is moving to extend MFA as a key security component in much more complex digital systems sp

Authentication 174

Authentication Digital transformation Software Accountability 174

Schneier on Security

NOVEMBER 12, 2019

The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's video surveillance cameras a week before the 2017 inauguration.

Ransomware 237

Ransomware Surveillance Hacking 237

Tech Republic Security

NOVEMBER 22, 2019

Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites.

Retail 199

Retail 199

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

NOVEMBER 22, 2019

Security duo discovered personal and social information 1.2 billion people exposed online on an unsecured Elasticsearch server. Researchers Bob Diachenko and Vinny Troia discovered an unsecured Eslasticsearch server containing an unprecedented 4 billion user accounts. The database, discovered on October 16, 2019, contained more than 4 terabytes of data is the largest data leaks from a single source organization in history.

Advertising 145

Advertising Accountability Education Media 145

Troy Hunt

NOVEMBER 18, 2019

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security best practices? Ok, that final one might be a bit of a stretch , but the fact remains that people have high expectations of how banks should communicate to ensure that they themselves don't come across as phishers

Banking 236

Banking Phishing Scams Accountability 236

Krebs on Security

NOVEMBER 11, 2019

Orvis , a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned.

Retail 211

Retail Passwords Wireless Backups 211

The Last Watchdog

NOVEMBER 12, 2019

There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crytpo’ race is on This isn’t coming as any surprise to IT department heads. In fact, there’s widespread recognition in corporate circles that the planning to address fresh cyber risks associated with quantum computing should hav

Encryption 164

Encryption Cyber Risk Architecture IoT 164

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Schneier on Security

NOVEMBER 18, 2019

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and it is extremely likely that many of the vulnerabilities are not exploitable -- making them bugs but not security concerns.

Firmware 230

Firmware 230

Tech Republic Security

NOVEMBER 21, 2019

Millions of dollars and loads of personal information is being stolen through a growing threat known as Business Email Compromise (BEC).

194

194

WIRED Threat Level

NOVEMBER 22, 2019

Here's the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

145

145

Troy Hunt

NOVEMBER 7, 2019

We're pretty much at a "secure by default" internet these days, at least that's the assumption with most websites, particularly so in the financial sector. About 80% of all web pages are loaded over an HTTPS connection , browsers are increasingly naggy when anything isn't HTTPS and it's never been cheaper nor easier to HTTPS all your things. Which meant that this rather surprised me: Let me break down what's happening here: I'm in (yet another) hotel and on complete autopilot, I start typing "xe

Passwords 216

Passwords Internet Internet Risk 216

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity