February, 2018

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Troy Hunt

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST explains: When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.

E-Mail Leaves an Evidence Trail

Schneier on Security

If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits: Manafort and Gates made numerous false and fraudulent representations to secure the loans.

How to Turn Off Facebook's Face Recognition Features

WIRED Threat Level

Facebook recently expanded its face recognition features—and you may have opted in without even realizing it.

Insights about the first three years of the Right To Be Forgotten requests at Google

Elie

The "Right To Be Forgotten" (RTBF) is the landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs from across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information surfaced by queries containing the name of the requester.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Strong, streamlined and secure: How to get the most out of centralized key management

Thales Cloud Protection & Licensing

With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges. Whether it’s varying protection levels, differing operational techniques and policies, or juggling multiple keys, managing more than one encryption system can quickly turn into a complex web that demands time, expertise and money to manage effectively.

AI's Future in Cybersecurity

eSecurity Planet

Industry experts from Coalfire, IEEE and more discuss how AI is shaping the future of IT security.

Cellebrite Unlocks iPhones for the US Government

Schneier on Security

Forbes reports that the Israeli company Cellebrite can probably unlock all iPhone models: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11.

How Liberals Amped Up a Parkland Shooting Conspiracy Theory

WIRED Threat Level

A fake story about a Parkland student started on the right, but outrage-tweeting on the left propelled it into the mainstream.

8 Nation-State Hacking Groups to Watch in 2018

Dark Reading

The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.

Three Strategies for Big Data Security

Thales Cloud Protection & Licensing

The 2018 Thales Data Threat Report (DTR) has great information on Big Data use and security. We surveyed more than 1,200 senior security executives from around the world, and virtually all (99%) report they plan to use Big Data this year. Top Big Data Security Concerns. But they rightly have concerns. As the report notes: The top Big Data security issue is that sensitive data can be anywhere – and therefore everywhere – a concern expressed by 34% of global and U.S. respondents.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

How to Defend Servers Against Cryptojacking

eSecurity Planet

Here are some steps you can take to reduce the risk of becoming an unwitting accomplice to cryptojacking attacks.

How Long is Long Enough? Minimum Password Lengths by the World's Top Sites

Troy Hunt

I've been giving a bunch of thought to passwords lately. Here we have this absolute cornerstone of security - a paradigm that every single person with an online account understands - yet we see fundamentally different approaches to how services handle them. Some have strict complexity rules. Some have low max lengths. Some won't let you paste a password.

Signed Malware

Schneier on Security

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's more, it predated Stuxnet, with the first known instance occurring in 2003.

What Rick Gates' Guilty Plea Means For Mueller’s Probe

WIRED Threat Level

Paul Manafort’s longtime deputy is cooperating with the special prosecutor, so we may soon have answers to these questions hovering around the Russia investigation.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Mastering Security in the Zettabyte Era

Dark Reading

Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.

Have We Become Apathetic About Breaches?

Thales Cloud Protection & Licensing

Another day, another breach. It’s sarcastic, it’s comical, but it’s also real. Barely a day goes by where we don’t hear of a data breach. Affecting big companies and small in virtually every vertical and hitting government institutions at the local, state and federal level, sensitive data is routinely exfiltrated, stolen and leveraged with shocking regularity.

What is Cryptojacking and Why Is It a Cybersecurity Risk?

eSecurity Planet

Learn about this emerging attack method and how it's impacting organizations around the world in this eSecurityPlanet series.

I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick

Troy Hunt

In the immortal words of Ricky Bobby, I wanna go fast. When I launched Pwned Passwords V2 last week, I made it fast - real fast - and I want to talk briefly here about why that was important, how I did it and then how I've since shaved another 56% off the load time for requests that hit the origin. And a bunch of other cool perf stuff while I'm here.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Facebook Will Verify the Physical Location of Ad Buyers with Paper Postcards

Schneier on Security

It's not a great solution, but it's : The process of using postcards containing a specific code will be required for advertising that mentions a specific candidate running for a federal office, Katie Harbath, Facebook's global director of policy programs, said. The requirement will not apply to issue-based political ads, she said. "If you run an ad mentioning a candidate, we are going to mail you a postcard and you will have to use that code to prove you are in the United States," Harbath said a

Facebook's Mandatory Anti-Malware Scan Is Invasive and Lacks Transparency

WIRED Threat Level

Facebook is locking users out of their accounts until they download antivirus software that sometimes doesn't even work on their computers.

3 Tips to Keep Cybersecurity Front & Center

Dark Reading

In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.

AI/ML and Digital Security

Thales Cloud Protection & Licensing

Sixty-four percent of the more than 1,200 senior security executives from around the world, whom we surveyed for the 2018 Thales Data Threat Report (DTR), believe artificial intelligence (AI) “increases data security by recognizing and alerting on attacks,” while 43% believe AI “results in increased threats due to use as a hacking tool.” They’re both right.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

9 Top Secure Web Gateway Vendors

eSecurity Planet

A look at top vendors in the market for web security gateway solutions, a critical tool for defending against web threats.

Weekly Update 75

Troy Hunt

Every now and then, I look at one of the videos I've just recorded and only realise then how tired I look. This was one of those weeks and it was absolutely jam-packed! There was some awesome stuff and there was some very frustrating stuff. Let me add briefly to the latter here: The joy of participating in online communities is that we have these melting pots of diverse backgrounds and ideas all coming together in the one place.

Can Consumers' Online Data Be Protected?

Schneier on Security

Everything online is hackable. This is true for Equifax's data and the federal Office of Personal Management's data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable. But just because everything is hackable doesn't mean everything will be hacked. The difference between the two is complex, and filled with defensive technologies, security best practices, consumer awareness, the motivation and skill of the hacker and the desirability of the data.

US Border Patrol Hasn’t Validated E-Passport Data For Years

WIRED Threat Level

For over a decade, US Customs and Border Patrol has been unable to verify the cryptographic signatures on e-Passports, because they never installed the right software.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

7 Key Stats that Size Up the Cybercrime Deluge

Dark Reading

Updated data on zero-days, IoT threats, cryptomining, and economic costs should keep eyebrows raised in 2018.

Digital Transformation starts with the Employees

Thales Cloud Protection & Licensing

This past month, CEOs, elected leaders and academics from around the globe gathered at the World Economic Forum (WEF) in Davos, Switzerland, to discuss the world’s most pressing problems including technological change, global trade, education, sustainability, and gender equality. As in previous years, digital transformation remained a key theme at the event as well as discussions around artificial intelligence (AI) and IoT technologies impacting the workforce.

Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models

Threatpost

Lenovo issued a security bulletin Friday warning customers that two previously disclosed critical Broadcom vulnerabilities impact 25 models of its popular ThinkPad laptops.

My Blog Now Has a Content Security Policy - Here's How I've Done It

Troy Hunt

I've long been a proponent of Content Security Policies (CSPs). I've used them to fix mixed content warnings on this blog after Disqus made a little mistake, you'll see one adorning Have I Been Pwned (HIBP) and I even wrote a dedicated Pluralsight course on browser security headers. I'm a fan (which is why I also recently joined Report URI), and if you're running a website, you should be too.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?