October, 2017

article thumbnail

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

Troy Hunt

A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack , the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via an IoT device called the InnoTab which is a wifi connected tablet designed for young kids; think Fisher Price designing an iPad. then totally screwing up the security.

IoT 279
article thumbnail

Partner Spotlight: Q&A with Entrust Datacard

Thales Cloud Protection & Licensing

Inspired by National Cybersecurity Awareness Month (NCSAM), I kicked off our partner spotlight series earlier this month with one of our valued partners in the privileged account management space. In this piece we turn our attention to identity management and transaction security and we spotlight Entrust Datacard. The company is a provider of identity and secure transaction technologies that make business and personal experiences – such as making purchases, crossing borders, accessing e-governme

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Unmasking the ransomware kingpins

Elie

This blog post exposes the cybercriminal groups that dominate the ransomware underworld, and analyzes the reasons for their success. This is the third and final blog post of my series on ransomware economics. The first post was dedicated to the methodology and techniques developed to trace ransomware payments from end to end. The second post shed light on the inner workings of ransomsphere economics.

article thumbnail

NopSec Unified VRM Highlight: My Risk

NopSec

IT Security and Risk teams in every organization have one common goal: to protect the company’s data from breaches by strengthening its security posture. Each member of the team has different goals (that work towards the common goal) depending on their roles. While the Engineers and Analysts are more focused on the day to day remediation of vulnerabilities, CISOs and upper level management are more concerned with the overall strategic role of cybersecurity within the organization’s goals.

Risk 52
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Kali on KRACK

Kali Linux

WPA2 Key Reinstallation AttaCK or KRACK attack Recently, Mathy Vanhoef of imec-DistriNet, KU Leuven, discovered a serious weakness in WPA2 known as the Key Reinstallation AttaCK (or KRACK) attack. Their overview, Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse, and research paper ( Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, co-authored by Frank Piessens ) have created quite a stir in our industry because the press touts that it “breaks Wi-Fi” There have

article thumbnail

Applying Cyber Grand Challenge Technology To Real Software

ForAllSecure

I first heard about Mayhem when I read that researchers at my university, Carnegie Mellon, had reported 1200 crashes in Debian , just by running their binary analysis system on Debian programs for 15 minutes at a time. When I learned that the technology developed by those researchers was spun out as a startup, ForAllSecure, I knew I had to get involved.

More Trending

article thumbnail

The Time is Right for Multi-Cloud Key Management

Thales Cloud Protection & Licensing

Multi-cloud use – It’s here in spades. One of the things we see every day at Thales is how the pace of change in organizations is pushing them to adapt and utilize cloud, big data, IoT and container technologies. Organizations are digitally transforming themselves at a fundamental level to address new markets, offer new services to existing customers and stay relevant in a rapidly changing world that is increasingly operating online.

article thumbnail

Unmasking the ransomware kingpins

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

article thumbnail

Design For Behavior, Not Awareness

The Falcon's View

October was National Cybersecurity Awareness Month. Since today is the last day, I figured now is as good a time as any to take a contrarian perspective on what undoubtedly many organizations just did over the past few weeks; namely, wasted a lot of time, money, and good will. Most security awareness programs and practices are horrible BS. This extends out to include many practices heavily promoted by the likes of SANS, as well as the current state of "best" (aka, failing miserably) practices.

article thumbnail

SPIN Token Sale Rescheduled

Spinone

Dear contributors, As you know, the ICO market is constantly changing, and the regulations differ based on jurisdiction. As a US based company with an extensive customer portfolio, Spinbackup wants to make sure we proceed in compliance with the US law and regulations. Our primary focus is to keep our investors, customers, and potential token holders satisfied.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Applying Cyber Grand Challenge Technology To Real Software

ForAllSecure

I first heard about Mayhem when I read that researchers at my university, Carnegie Mellon, had reported 1200 crashes in Debian , just by running their binary analysis system on Debian programs for 15 minutes at a time. When I learned that the technology developed by those researchers was spun out as a startup, ForAllSecure, I knew I had to get involved.

article thumbnail

Disqus Demonstrates How to Do Breach Disclosure Right

Troy Hunt

We all jumped on "the Equifax dumpster fire bandwagon" recently and pointed to all the things that went fundamentally wrong with their disclosure process. But it's equally important that we acknowledge exemplary handling of data breaches when they occur because that's behaviour that should be encouraged. Last week, someone reached out and shared a number of data breaches with me.

article thumbnail

When Encryption Meets Flash Arrays

Thales Cloud Protection & Licensing

Cyberattacks continue to grow more sophisticated and persistent. To combat threats and keep data safe, IT teams must employ robust encryption, key management, and access controls. This is especially true for information held in storage environments, which can contain an organization’s most vital assets. To secure storage, many organizations have been leveraging native encryption offerings from their storage vendors.

article thumbnail

Do Something Awesome with Have I Been Pwned and Win a Lenovo ThinkPad!

Troy Hunt

Current status: The competition has run and been won! Scroll down to the bottom for the result. Friends who follow what I'm up to these days will see that I'm often away from home in far-flung parts of the world. What that means is a lot of time on planes, a lot of time in airports (which is where I'm writing this now) and a lot of time in hotel rooms.

Passwords 138
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

New Pluralsight Course: Emerging Threats in IoT

Troy Hunt

It's another Pluralsight course! I actually recorded Emerging Threats in IoT with Lars Klint back in June whilst we were at the NDC conference in Oslo. It's another "Play by Play" course which means it's Lars and I sitting there having a conversation like this: We choose to talk about IoT because frankly, it's fascinating. There's just so many angles to security in otherwise everyday devices, for example: The collection of never-before digitised data (adult toys are a perfect example).

IoT 131
article thumbnail

Weekly update 57

Troy Hunt

I'm doing this week's update a little back to front due to the massive incident in South Africa involving what looks like pretty much the entire population. I've spent the first half an hour just talking about that incident in a way that I hope is consumable for the layperson. I wanted to explain what these things many regular viewers understand as "data breaches" are, why I have them and pretty much everything else I know about the incident in South Africa.

IoT 117
article thumbnail

Weekly update 58

Troy Hunt

I'm between (short domestic) trips, I'm playing with my new iPad and I'm working on something really, really cool I'm going to be talking about next week. Seriously, this is a big thing that's been in the works for a while now and I'll be covering it in detail in the next update. For now, I've caught up on the whole IoT warning thing I totally overlooked last week.

IoT 110
article thumbnail

Weekly update 56 (island edition)

Troy Hunt

After being couped up inside most of the week due to some (very unusual) bad weather, when the sun came out today the only responsible thing to do was to jump on the jet ski and head off to an island to do my weekly update. As much as it was nice to get out, the audio is a little sketchy in places which I suspect is due to my mic losing its furry cover and then dangling from the lanyard on my hat and hitting my chest.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Incremental "Gains" Are Just Slower Losses

The Falcon's View

Anton Chuvakin and I were having a fun debate a couple weeks ago about whether incremental improvements are worthwhile in infosec, or if it's really necessary to "jump to the next curve" (phrase origin: Guy Kawasaki's " Art of Innovation ," watch his TedX ) in order to make meaningful gains in security practices. Anton even went so far as to write about it a little over a week ago (sorry for the delayed response - work travel).

InfoSec 40
article thumbnail

APPLYING CYBER GRAND CHALLENGE TECHNOLOGY TO REAL SOFTWARE

ForAllSecure

I first heard about Mayhem when I read that researchers at my university, Carnegie Mellon, had reported 1200 crashes in Debian , just by running their binary analysis system on Debian programs for 15 minutes at a time. When I learned that the technology developed by those researchers was spun out as a startup, ForAllSecure, I knew I had to get involved.

article thumbnail

Applying Cyber Grand Challenge Technology to Real Software

ForAllSecure

I first heard about Mayhem when I read that researchers at my university, Carnegie Mellon, had reported 1200 crashes in Debian , just by running their binary analysis system on Debian programs for 15 minutes at a time. When I learned that the technology developed by those researchers was spun out as a startup, ForAllSecure, I knew I had to get involved.

article thumbnail

Profile of the Month: Derek Tumulak, Global Vice President of Product Management

Thales Cloud Protection & Licensing

Since the early days of his career as a software developer, Derek Tumulak has had a fascination with building things – a skill that has served him well throughout his career in the technology industry. He began his professional path at the tech giants of Microsoft and Netscape. He was a software developer, striving to find “elegant ways to solve complex problems,” he says.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Questions about the Massive South African "Master Deeds" Data Breach Answered

Troy Hunt

This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. It's an explosive situation with potentially severe ramifications and I've been bombarded by questions about it over the last 48 hours. This post explains everything I know. Who Am I and Why Do I Have This Data?