January, 2018

article thumbnail

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

India's Aadhaar implementation is the largest biometric system in the world, holding about 1.2 billion locals' data. It's operating in an era of increasingly large repositories of personal data held by both private companies and governments alike. It's also an era where this sort of information is constantly leaked to unauthorised parties; last year Equifax lost control of 145.5 million records on US consumers (this started a series events which ultimately led to me testifying in front of Congre

Hacking 278
article thumbnail

XKCD's Smartphone Security System

Schneier on Security

Funny.

209
209
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Securing Data in the Digital Transformation Era

Thales Cloud Protection & Licensing

Data breaches are the new normal. According to our 2018 Global Data Threat Report , 67% of enterprises have been breached, with that percentage rate growing every year. Regardless of the security measures and efforts put in place, organizations need to act as if a successful cyberattack is not a question of “if” but “when.”. As organizations continue to embrace digital transformation, greater amounts of sensitive data is created, stored and transferred in digital form putting more data at risk.

article thumbnail

If Robert Mueller Is Fired, the Russia Probe Could Continue

WIRED Threat Level

The special counsel is under attack, but if Robert Mueller gets fired, the investigation into Trump’s Russia ties and obstruction of justice could keep going.

112
112
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

DDoS Attacks Become More Complex and Costly

Dark Reading

Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.

DDOS 94
article thumbnail

How AI Is Redefining Cybersecurity

eSecurity Planet

A look at how security vendors that are employing artificial intelligence and machine learning to help IT security teams.

More Trending

article thumbnail

Spectre and Meltdown Attacks Against Microprocessors

Schneier on Security

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the microprocessors at the heart of the world's computers for the past 15-20 years.

Firmware 202
article thumbnail

2018 Thales Data Threat Report, Global Edition: Digital Transformation & Data Security

Thales Cloud Protection & Licensing

This morning we announced, in tandem with our partner 451 Research, the Global Edition of the 2018 Thales Data Threat Report. It’s abundantly clear that medium to larger enterprises (the focus of the report and underlying survey) are finding it harder than ever to protect their sensitive data. The twin drivers of the problem are increased threats and the drive to digitally transform how organizations deliver value and revenue.

article thumbnail

'Jackpotting' ATM Hack Comes to the United States

WIRED Threat Level

The "jackpotting" ATM attack drained tens of millions of dollars worldwide before landing in the United States.

Hacking 111
article thumbnail

Four Malicious Google Chrome Extensions Affect 500K Users

Dark Reading

ICEBRG Security Research team's finding highlights an often-overlooked threat.

88
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hacker Infects Gas Pumps with Code to Cheat Customers

Threatpost

Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.

article thumbnail

I'm Teaming Up with Scott Helme to Run "Hack Yourself First" Workshops in Europe

Troy Hunt

This is probably the most self-explanatory blog post title I've ever written! But be that as it may, it deserves some explanation as to how I've arrived at this point and like many great ideas, it began over some beers. I've just arrived home to the Gold Coast in Australia which I frequently describe to people as "the sunny part of the sunny country" I'm literally sitting on a beach writing this blog post and frankly, I'd like to spend more time here.

Hacking 169
article thumbnail

The Effects of the Spectre and Meltdown Vulnerabilities

Schneier on Security

On January 3, the world learned about a series of major security vulnerabilities in modern microprocessors. Called Spectre and Meltdown, these vulnerabilities were discovered by several different researchers last summer, disclosed to the microprocessors' manufacturers, and patched­ -- at least to the extent possible. This news isn't really any different from the usual endless stream of security vulnerabilities and patches, but it's also a harbinger of the sorts of security problems we're going t

article thumbnail

Why 2018 Will Be the Trust Turning Point for the Digital Economy

Thales Cloud Protection & Licensing

We are in the midst of a digital revolution impacting every aspect of our everyday lives. At the center of the revolution is data, which is available in more forms, volume, depth and complexity since the beginnings of the computer revolution. Earlier this year , IDC predicted the world’s volume of data would expand to 163 zettabytes by 2025 – a tenfold rise in the total.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Strava Data Heat Maps Expose Military Base Locations Around the World

WIRED Threat Level

The US military is reexamining security policies after fitness tracker data shared on social media revealed bases and patrol routes.

Media 111
article thumbnail

AI in Cybersecurity: Where We Stand & Where We Need to Go

Dark Reading

How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.

article thumbnail

How to Comply with GDPR

eSecurity Planet

IT experts share some their tips on updating IT systems and business processes to comply with the EU's strict new data privacy regulations.

article thumbnail

Streamlining Data Breach Disclosures: A Step-by-Step Process

Troy Hunt

I don't know how many data breaches I'm sitting on that I'm yet to process. 100? 200? It's hard to tell because often I'm sent collections of multiple incidents in a single archive, often there's junk in there and often there's redundancy across those collections. All I really know is that there's hundreds of gigabytes spread across thousands of files.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Estimating the Cost of Internet Insecurity

Schneier on Security

It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: " Estimating the Global Cost of Cyber Risk: Methodology and Examples ": Abstract : There is marked variability from study to study in the estimated direct and systemic costs of cyber incidents, which is further complicated by the considerable variation in cyber risk in differe

Internet 188
article thumbnail

Counting down, Getting Ready: GDPR in a Multi-Cloud World

Thales Cloud Protection & Licensing

( Originally posted to CenturyLink’s blog on November 10 ). To help save time and money, a growing number of enterprises are storing sensitive customer data in the public cloud. Increasingly, they’re also leveraging multiple cloud providers. According to IDC, nearly 80% of IT organizations currently deploy multi-cloud or plan to implement multi-cloud environments within 12 months.

article thumbnail

Your Sloppy Bitcoin Drug Deals Will Haunt You For Years

WIRED Threat Level

Scouring the blockchain, researchers found years-old evidence tying Silk Road transaction to users' public accounts.

article thumbnail

Satori Botnet Malware Now Can Infect Even More IoT Devices

Dark Reading

Latest version targets systems running ARC processors.

IoT 87
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Firefox, Chrome Patch Vulnerabilities, Add Security Features

Threatpost

Dueling browsers, Mozilla Firefox and Google Chrome, have patched bugs and beefed up security.

73
article thumbnail

Weekly Update 69 (Boat Edition)

Troy Hunt

It's my last day in the sun ?? Well, at least it's my last day in the sun for a couple of weeks so today I've gone to the sunniest place I know. It's "the boat edition" of my weekly update and I apologise up front for the rocking motion, the occasional wind noise (I lost the fluffy bit off my smartLav mic ) and the gratuitous amount of sunshine and beach.

Internet 121
article thumbnail

Spectre and Meltdown Attacks

Schneier on Security

After a week or so of rumors, everyone is now reporting about the Spectre and Meltdown attacks against pretty much every modern processor out there. These are side-channel attacks where one process can spy on other processes. They affect computers where an untrusted browser window can execute code, phones that have multiple apps running at the same time, and cloud computing networks that run lots of different processes at once.

article thumbnail

Profile of the Month: Cindy Provin, Chief Executive Officer

Thales Cloud Protection & Licensing

Cindy Provin is a 20-year veteran at Thales. This month, she became the CEO for Thales eSecurity. Previously, she served as the President for Thales eSecurity Americas, and Chief Strategy & Marketing Officer for Thales eSecurity. In her new role as CEO, Cindy will be responsible for leading a world-class organization and delivering a portfolio of security solutions to protect data wherever it is created, shared or stored.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

The Doomsday Clock Ticks Closer to Midnight Over Nuclear War Fears

WIRED Threat Level

As the so-called Doomsday Clock ticks even closer to midnight, a reminder of just how easy it is to slip into nuclear war.

112
112
article thumbnail

Forever 21 Found Malware and Encryption Disabled on its PoS Devices

Dark Reading

The retailer found signs of unauthorized access and malware installed on point-of-sale devices during an investigation into last year's data breach.

Malware 79
article thumbnail

Security Beyond The Perimeter

Andrew Hay

Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on their host security. Unfortunately, inadequately architected security controls that rely solely on broad network-based protection can make the migration of an organization’s systems to private, public, and hy

article thumbnail

2017 Retrospective

Troy Hunt

I look back a lot more than what I suspect people realise. Not in a reminiscent way, but rather because I find it helps me put things in perspective. A lot of people like to set personal goals or objectives so that there's something specific they're setting out to achieve but for me personally, I just want to see progress. I want to be able to do these retrospectives - not just on Jan 1 but every day - and say to myself "yeah, I'm happy with how far I've moved ahead" And believe me when

Hacking 120
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?