Schneier on Security

JULY 18, 2022

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102 , which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser’s Tracking Protection feature is set to strict.

Encryption 363

Encryption 363

Joseph Steinberg

JULY 21, 2022

The second edition of Cybersecurity For Dummies , Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available. Like its first-edition counterpart, CyberSecurity For Dummies: Second Edition is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of their technical skillsets.

Cybersecurity 363

Cybersecurity Artificial Intelligence Backups Encryption 363

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email

Accountability 347

Accountability Passwords Authentication Password Management 347

Javvad Malik

JULY 7, 2022

Over here in the UK we’ve had dozens of MPs (members of parliament) tender their resignation over the last day or so. While I’m not interested in politics, seeing so many resignation letters did provide me with the template to create the perfect letter. It consists of a few steps. 1. Yellow paper (not the white one peasants write on). 2.

Authentication 306

Authentication 306

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Adam Levin

JULY 6, 2022

A firewall is a network security device or program designed to prevent unauthorized and malicious internet traffic from entering a private network or device. It is a digital safety barrier between public and private internet connections, allowing non-threatening traffic in and keeping malicious traffic out, which in theory includes malware and hackers.

Firewall 298

Firewall Software Internet Internet 298

Troy Hunt

JULY 6, 2022

11 years now, wow 😲 It's actually 11 and a bit because it was April Fool's Day in 2011 that my first MVP award came through. At the time, I referred to myself as "The Accidental MVP" as I'd no expectation of an award, it just came from me being me. It's the same again today, and the last year has been full of just doing the stuff I love; loads of talks (which, like the one above at AusCERT, are actually starting to happen in front of real live humans again), l

Passwords 296

Passwords 296

Joseph Steinberg

JULY 22, 2022

CyberSecurity. The word may sound simple enough to easily define; but, in reality, it is not. From a practical standpoint, cybersecurity means quite different things to different people in different situations, a phenomenon that leads not only to extremely varied cybersecurity policies, procedures, and practices, but also to different understandings of the word cybersecurity itself.

Cybersecurity 359

Cybersecurity Artificial Intelligence Information Security 359

Krebs on Security

JULY 21, 2022

U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “ pig butchering ,” wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

Scams 339

Scams Cryptocurrency Marketing Internet 339

The Last Watchdog

JULY 5, 2022

Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the ‘101’ for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all the contributing factors that make the company tick? Related: We’re in the golden age of cyber espionage.

Cyber Risk 279

Cyber Risk Risk Marketing Data privacy 279

Lohrman on Security

JULY 3, 2022

We’ve been hearing about upcoming breakthroughs with quantum computing technology for several years, so what’s the latest from around the world?

Cybersecurity 279

Cybersecurity Technology 279

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

JULY 21, 2022

I broke Yoda's stick! 3D printing woes, and somehow I managed to get through the explanation without reverting to a chorus of My Stick by a Bad Lip Reading (and now you'd got that song stuck in your head). Loads of data breaches this week and whilst "legacy", still managed to demonstrate how bad some practices remain today (hi Shadi.com 👋).

Data breaches 295

Data breaches Media 295

Schneier on Security

JULY 28, 2022

Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.

Firmware 338

Firmware Software Malware 338

Joseph Steinberg

JULY 20, 2022

There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. What remains uncertain, however, is when the day of so-called “quantum supremacy” will arrive. As such, many organizations have hesitated to start preparing for the quantum era – after all, they reason, there are enough fires to fight now, and li

Risk 326

Risk Encryption Government Artificial Intelligence 326

Krebs on Security

JULY 29, 2022

The 911 service as it existed until July 28, 2022. 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy so

Cybercrime 302

Cybercrime Software VPN Backups 302

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

JULY 14, 2022

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. Related: Deploying human sensors. Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website.

Phishing 277

Phishing Education Cybersecurity Threat Detection 277

Lohrman on Security

JULY 31, 2022

Despite the lack of major headline-grabbing cyber attacks against U.S. critical infrastructure so far in 2022, our global cyber battles continue to increase.

Cyber Attacks 253

Cyber Attacks 253

Troy Hunt

JULY 4, 2022

Continuing the rollout of Have I Been Pwned (HIBP) to national governments around the world, today I'm very happy to welcome Poland to the service! The Polish CSIRT GOV is now the 34th onboard the service and has free and open access to APIs allowing them to query their government domains. Seeing the ongoing uptake of governments using HIBP to do useful things in the wake of data breaches is enormously fulfilling and I look forward to welcoming many more national CSIRTs in the future.

Government 278

Government Data breaches 278

Schneier on Security

JULY 21, 2022

This is a dangerous vulnerability: An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720 , a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers.

Manufacturing 329

Manufacturing Surveillance Mobile Authentication 329

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Joseph Steinberg

JULY 13, 2022

Apple last week announced new security features specifically intended to offer “specialized additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware.”. In its announcement, the maker of iPhones, iPads, and Macs stated that its new “Lockdown Mode” represents a “groundbreaking security capability;” Lockdown Mode, which is available to users of a range of devices running Apple’s latest OS beta releases, is

Cybersecurity 257

Cybersecurity Artificial Intelligence Government Social Engineering 257

Krebs on Security

JULY 27, 2022

It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of Ashley Madison mentions across Russian cybercrime forums and far-right websites in the months leading up to the hack revealed s

Cybercrime 59

Cybercrime Hacking Media Advertising 59

The Last Watchdog

JULY 1, 2022

The pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would have never imagined. From transitioning to a work-from-home as a ‘perk’ to a ‘necessity’, the organizations had to realign their operations and do it fast, to keep the ships afloat. Related: Deploying human sensors. Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working- whether organizations like it or not is here to say

Mobile 258

Mobile Education Phishing Technology 258

Anton on Security

JULY 7, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 ). My favorite quotes from the report follow below: “Another common tactic that continues to be observed is when bad actors actively impersonate legitimate sounding organizations (especially in journalism or education) with the objective of in

Cybersecurity 246

Cybersecurity Cryptocurrency Ransomware Education 246

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Troy Hunt

JULY 18, 2022

How many times have you heard the old adage about how nothing in life is free: If you're not paying for the product, you are the product Facebook. LinkedIn. TikTok. But this isn't an internet age thing, the origins go back way further, originally being used to describe TV viewers being served ads. Sure, TV was "free" in that you don't pay to watch it (screwy UK TV licenses aside), but running a television network ain't cheap so it was (and still is) supported by adver

Data breaches 271

Data breaches Passwords Password Management Software 271

Schneier on Security

JULY 15, 2022

Surely no one could have predicted this : The new proposal—championed by Mayor London Breed after November’s wild weekend of orchestrated burglaries and theft in the San Francisco Bay Area—would authorize the police department to use non-city-owned security cameras and camera networks to live monitor “significant events with public safety concerns” and ongoing felony or misdemeanor violations.

Surveillance 327

Surveillance Technology 327

Joseph Steinberg

JULY 7, 2022

A mischievous hacker, or group of hackers, took over Disneyland’s official Instagram and Facebook accounts earlier today, and, apparently, defaced them both with a series of profane and racist posts. Walt Disney Company has confirmed the breach, which appears to have occurred around 7 AM US Eastern time. The entertainment giant stated that it responded to the incident with zeal: “We worked quickly to remove the reprehensible content, secure our accounts, and our security teams are conducting an

Accountability 252

Accountability Artificial Intelligence Media Data breaches 252

Krebs on Security

JULY 12, 2022

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.

Internet 254

Internet Internet Cyber threats Software 254

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Lohrman on Security

JULY 17, 2022

The questions I am most often asked, both online and in person at conferences and other events, surround how people can break into the cybersecurity field for the first time.

Cybersecurity 238

Cybersecurity 238

The Last Watchdog

JULY 11, 2022

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised. Related: VPNs vs ZTNA. Now comes hard metrics quantifying the scope of this phenomenon. It’s in findings of a deep dive data analytics study led by Surfshark , a supplier of VPN services aimed at the consumer and SMB markets.

VPN 229

VPN Data breaches Internet Internet 229

Troy Hunt

JULY 30, 2022

I didn't intend for a bunch of this week's vid to be COVID related, but between the breach of an anti-vaxxer website and the (unrelated) social comments directed at our state premier following some pretty simple advice, well, it just kinda turned out that way. But there's more on other breaches too, in particular the alleged Paytm one and the actual Customer.io one.

Data breaches 245

Data breaches Advertising 245

Schneier on Security

JULY 27, 2022

Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualities of a public good and is as indispensable as national highways.

Software 320

Software Cybersecurity 320

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity