February, 2018

E-Mail Leaves an Evidence Trail

Schneier on Security

If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits: Manafort and Gates made numerous false and fraudulent representations to secure the loans.

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Troy Hunt

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST explains: When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.

Passwords 279

Strong, streamlined and secure: How to get the most out of centralized key management

Thales Cloud Protection & Licensing

With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges. Whether it’s varying protection levels, differing operational techniques and policies, or juggling multiple keys, managing more than one encryption system can quickly turn into a complex web that demands time, expertise and money to manage effectively.

Bob Mueller’s Investigation Is Larger—and Further Along—Than You Think

WIRED Threat Level

We speak about the “Mueller probe” as a single entity, but it’s important to understand that there are no fewer than five separate investigations under the broad umbrella of the special counsel’s office.

112

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Insights about the first three years of the Right To Be Forgotten requests at Google

Elie

The "Right To Be Forgotten" (RTBF) is the landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs from across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information surfaced by queries containing the name of the requester.

Media 107

Mastering Security in the Zettabyte Era

Dark Reading

Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.

More Trending

I've Just Added 2,844 New Data Breaches With 80M Records To Have I Been Pwned

Troy Hunt

tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. Those 80M records are now searchable, read on for the full story: There's an unknown number of data breaches floating around the web.

Three Strategies for Big Data Security

Thales Cloud Protection & Licensing

The 2018 Thales Data Threat Report (DTR) has great information on Big Data use and security. We surveyed more than 1,200 senior security executives from around the world, and virtually all (99%) report they plan to use Big Data this year. Top Big Data Security Concerns. But they rightly have concerns. As the report notes: The top Big Data security issue is that sensitive data can be anywhere – and therefore everywhere – a concern expressed by 34% of global and U.S. respondents.

What Rick Gates' Guilty Plea Means For Mueller’s Probe

WIRED Threat Level

Paul Manafort’s longtime deputy is cooperating with the special prosecutor, so we may soon have answers to these questions hovering around the Russia investigation.

111

AI's Future in Cybersecurity

eSecurity Planet

Industry experts from Coalfire, IEEE and more discuss how AI is shaping the future of IT security.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

10 Can't-Miss Talks at Black Hat Asia

Dark Reading

With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.

73

Internet Security Threats at the Olympics

Schneier on Security

There are a lot: The cybersecurity company McAfee recently uncovered a cyber operation, dubbed Operation GoldDragon, attacking South Korean organizations related to the Winter Olympics. McAfee believes the attack came from a nation state that speaks Korean, although it has no definitive proof that this is a North Korean operation. The victim organizations include ice hockey teams, ski suppliers, ski resorts, tourist organizations in Pyeongchang, and departments organizing the Pyeongchang Olympi

Internet 246

I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick

Troy Hunt

In the immortal words of Ricky Bobby, I wanna go fast. When I launched Pwned Passwords V2 last week, I made it fast - real fast - and I want to talk briefly here about why that was important, how I did it and then how I've since shaved another 56% off the load time for requests that hit the origin. And a bunch of other cool perf stuff while I'm here.

Passwords 197

Have We Become Apathetic About Breaches?

Thales Cloud Protection & Licensing

Another day, another breach. It’s sarcastic, it’s comical, but it’s also real. Barely a day goes by where we don’t hear of a data breach. Affecting big companies and small in virtually every vertical and hitting government institutions at the local, state and federal level, sensitive data is routinely exfiltrated, stolen and leveraged with shocking regularity.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Mueller Indictment Against Russia Details Efforts to Undermine US Democracy

WIRED Threat Level

Robert Mueller's office has come out with a 37-page indictment that details the extraordinary lengths Russian agents went to influence the 2016 presidential election.

109

What is Cryptojacking and Why Is It a Cybersecurity Risk?

eSecurity Planet

Learn about this emerging attack method and how it's impacting organizations around the world in this eSecurityPlanet series.

Risk 87

3 Tips to Keep Cybersecurity Front & Center

Dark Reading

In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.

Cellebrite Unlocks iPhones for the US Government

Schneier on Security

Forbes reports that the Israeli company Cellebrite can probably unlock all iPhone models: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How Long is Long Enough? Minimum Password Lengths by the World's Top Sites

Troy Hunt

I've been giving a bunch of thought to passwords lately. Here we have this absolute cornerstone of security - a paradigm that every single person with an online account understands - yet we see fundamentally different approaches to how services handle them. Some have strict complexity rules. Some have low max lengths. Some won't let you paste a password.

Passwords 197

AI/ML and Digital Security

Thales Cloud Protection & Licensing

Sixty-four percent of the more than 1,200 senior security executives from around the world, whom we surveyed for the 2018 Thales Data Threat Report (DTR), believe artificial intelligence (AI) “increases data security by recognizing and alerting on attacks,” while 43% believe AI “results in increased threats due to use as a hacking tool.” They’re both right.

US Border Patrol Hasn’t Validated E-Passport Data For Years

WIRED Threat Level

For over a decade, US Customs and Border Patrol has been unable to verify the cryptographic signatures on e-Passports, because they never installed the right software.

Software 108

Three years of the Right to be Forgotten

Elie

The “Right to be Forgotten” is a privacy ruling that enables Europeans to delist certain URLs appearing in search results related to their name. In order to illuminate the effect this ruling has on information access, we conduct a retrospective measurement study of 2.4 million URLs that were requested for delisting from Google Search over the last three and a half years.

Media 63

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Back to Basics: AI Isn't the Answer to What Ails Us in Cyber

Dark Reading

The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.

Signed Malware

Schneier on Security

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's more, it predated Stuxnet, with the first known instance occurring in 2003.

Malware 157

Weekly Update 75

Troy Hunt

Every now and then, I look at one of the videos I've just recorded and only realise then how tired I look. This was one of those weeks and it was absolutely jam-packed! There was some awesome stuff and there was some very frustrating stuff. Let me add briefly to the latter here: The joy of participating in online communities is that we have these melting pots of diverse backgrounds and ideas all coming together in the one place.

Digital Transformation starts with the Employees

Thales Cloud Protection & Licensing

This past month, CEOs, elected leaders and academics from around the globe gathered at the World Economic Forum (WEF) in Davos, Switzerland, to discuss the world’s most pressing problems including technological change, global trade, education, sustainability, and gender equality. As in previous years, digital transformation remained a key theme at the event as well as discussions around artificial intelligence (AI) and IoT technologies impacting the workforce.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Did Russia Affect the 2016 Election? It’s Now Undeniable

WIRED Threat Level

In the wake of the Mueller indictment of a Russian troll farm, any attempt to claim that the 2016 election wasn’t affected by Russian meddling is laughable.

112

Fine-tuning Firewall Rules: 10 Best Practices

eSecurity Planet

Fine-tuning firewall rules is a critical and often overlooked IT security practice that can minimize network breaches while maximizing performance.

Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models

Threatpost

Lenovo issued a security bulletin Friday warning customers of two previously disclosed critical Broadcom vulnerabilities that impact 25 models of its popular ThinkPad laptops.

Facebook Will Verify the Physical Location of Ad Buyers with Paper Postcards

Schneier on Security

It's not a great solution, but it's : The process of using postcards containing a specific code will be required for advertising that mentions a specific candidate running for a federal office, Katie Harbath, Facebook's global director of policy programs, said. The requirement will not apply to issue-based political ads, she said. "If you run an ad mentioning a candidate, we are going to mail you a postcard and you will have to use that code to prove you are in the United States," Harbath said a

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.