Troy Hunt

JUNE 25, 2018

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Often, it's after someone has searched Have I Been Pwned (HIBP) and found themselves pwned somewhere or other. Frequently, it's some long-forgotten site they haven't even thought about in years and also frequently, the first people know of these incidents is via HIBP: large @ticketfly data breach. thanks @troyhunt for the excellent @haveibeenpwned service that notifies users o

Passwords 272

Passwords Data breaches Password Management Accountability 272

Schneier on Security

JUNE 27, 2018

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data.

Encryption 248

Encryption Government 248

Krebs on Security

JUNE 28, 2018

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked.

Banking 215

Banking Accountability Mobile Media 215

The Last Watchdog

JUNE 13, 2018

The most profound threat to corporate networks isn’t the latest, greatest malware. It’s carbon-based life forms. Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we’re perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for taking shortcuts when it comes to designing, configuring and using digital systems.

Mobile 182

Mobile Banking IoT Social Engineering 182

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Adam Levin

JUNE 29, 2018

If the reports are accurate, a Florida-based marketing and data company exposed sensitive personal data belonging to 340 million records. The gravity of the situation is yet to be confirmed or even discussed by Exactis, but the leak is estimated to include 230 million consumers and 110 million businesses. If confirmed, this breach involves basically everyone in the United States.

Marketing 120

Marketing Surveillance Scams Accountability 120

WIRED Threat Level

JUNE 27, 2018

The leak may include data on hundreds of millions of Americans, with hundreds of details for each, from demographics to personal interests.

Marketing 112

Marketing 112

Schneier on Security

JUNE 14, 2018

For many years, I have said that complexity is the worst enemy of security. At CyCon earlier this month, Thomas Dullien gave an excellent talk on the subject with far more detail than I've ever provided. Video. Slides.

206

206

Krebs on Security

JUNE 26, 2018

Previous stories here on the proliferation of card-skimming devices hidden inside fuel pumps have offered a multitude of security tips for readers looking to minimize their chances of becoming the next victim, such as favoring filling stations that use security cameras and tamper-evident tape on their pumps. But according to police in San Antonio, Texas, there are far more reliable ways to avoid getting skimmed at a fuel station.

Banking 199

Banking Accountability Manufacturing Scams 199

The Last Watchdog

JUNE 14, 2018

Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Related article: Triaging open-source exposures. Finding a coding or design flaw on Windows OS can point the way to unauthorized to access to a treasure trove of company networks that use Windows. The same holds true for probing widely used open source protocols, as occurred when Heartbleed and Shellshock came to light.

Data breaches 182

Data breaches Software Internet Internet 182

eSecurity Planet

JUNE 26, 2018

Stopping a DDoS attack quickly is critical for the survival of your business. Here are six ways you can stop a DDoS attack.

DDOS 111

DDOS 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

JUNE 26, 2018

Trump’s call for a “Space Force” escalates a quiet, dangerous contest between the US, China, and Russia—one whose consequences no one really understands.

111

111

Troy Hunt

JUNE 8, 2018

I'm not sure how I found myself in a European award program, maybe it's like Australians in Eurovision ? But somehow, I wiggled my way into The European Security Blogger Awards and before even having a chance to come down off the high that was last week's Award for Information Security Excellence at the AusCERT conference in Australia , this happened: @troyhunt hey mate, you just won the EU security blogger of the year.

Technology 132

Technology Information Security 132

Schneier on Security

JUNE 18, 2018

Tapplock sells an "unbreakable" Internet-connected lock that you can open with your fingerprint. It turns out that : The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. Any Tapplock account an unlock every lock. You can open the lock with a screwdriver. Regarding the third flaw, the manufacturer has responded that ".the lock is invincible to the people who do not have a screwdriver.".

Manufacturing 184

Manufacturing Internet Internet Accountability 184

Krebs on Security

JUNE 18, 2018

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network. Craig Young , a researcher with security firm Tripwire , said he discovered an authentication weakness that leaks incredibly accurate location information about users of both

IoT 199

IoT Internet Internet Wireless 199

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

JUNE 20, 2018

Don’t look now but cryptojacking may be about to metastasize into the scourge of cloud services. Cryptojacking, as defined by the Federal Trade Commission , is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. There’s a temptation to dismiss it as a mere nuisance; companies deep into ‘digital transformation,’ in particular, might be lulled into this sort of apathy.

Cryptocurrency 176

Cryptocurrency Ransomware Passwords Malware 176

Adam Levin

JUNE 25, 2018

If Facebook’s ongoing privacy woes become any more regular, clocks may soon become obsolete. This week’s (first?) news about the increasingly leak-prone company (or increasingly transparent company when it comes to leaks?) has to do with an accident. Scratch that. What do you call an ongoing accident? Perhaps the correct answer, is Facebook. The company has been accidentally sending data from apps that run on their platform to testers (people who use beta versions of the apps to identify bugs),

Government 108

Government Accountability 108

WIRED Threat Level

JUNE 22, 2018

Thanks to Carpenter v. United States, the government will now generally need a warrant to obtain your cell site location information.

Government 111

Government 111

Troy Hunt

JUNE 11, 2018

Running Have I Been Pwned (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and law enforcement in dealing with these incidents. Last week I had an all new situation arise related to that last point and I want to explain it properly here so it makes sense if someone finds themselves in th

Cryptocurrency 130

Cryptocurrency Cybercrime Data breaches Passwords 130

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

JUNE 29, 2018

Here's some interesting research about how we perceive threats. Basically, as the environment becomes safer we basically manufacture new threats. From an essay about the research: To study how concepts change when they become less common, we brought volunteers into our laboratory and gave them a simple task ­-- to look at a series of computer-generated faces and decide which ones seem "threatening.

Manufacturing 176

Manufacturing Risk 176

Krebs on Security

JUNE 13, 2018

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people , many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court.

Data breaches 185

Data breaches Identity Theft Data privacy Technology 185

The Last Watchdog

JUNE 18, 2018

Bank patrons in their 20s and 30s, who grew up blanketed with digital screens, have little interest in visiting a brick-and-mortar branch, nor interacting with a flesh-and-blood teller. This truism is pushing banks into unchartered territory. They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials.

Banking 173

Banking Mobile Social Engineering Authentication 173

Dark Reading

JUNE 5, 2018

IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be 'weaponized.

Hacking 107

Hacking 107

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JUNE 10, 2018

Microsoft's Windows red team probes and prods the world's biggest operating system through the eyes of an adversary.

111

111

Troy Hunt

JUNE 10, 2018

Wow wow wow! What a week! This video is going out a couple of days late but if ever I had a good excuse for it, this week is the one. Scott and I are in Oslo this week having just flown in from London where we collectively scooped up 3 awards, one each at the European Blogger Awards and the big one (quite literally - the thing weights several kilos), the SC Award for Best Emerging Technology courtesy of Report URI.

InfoSec 128

InfoSec Technology 128

Schneier on Security

JUNE 28, 2018

The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy. From the executive summary: Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.

Media 175

Media Accountability 175

Krebs on Security

JUNE 19, 2018

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T , Sprint and Verizon now say they are terminating location data sharing agreements with third parties. At issue are companies known in the wireless industry as “location aggregators,” entities that manage requests for real-time customer location data for a variety of purposes, such as roadside assistance and emergenc

Mobile 179

Mobile Wireless Telecommunications Technology 179

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Last Watchdog

JUNE 28, 2018

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. Most individuals today are nonplussed when required, under certain circumstances, to retrieve a one-time passcode, pushed out in a text message to their smartphone, and then typing the passcode to gain access to a privileged account.

Authentication 154

Authentication Digital transformation Mobile Technology 154

Dark Reading

JUNE 8, 2018

The default sharing setting was accidentally changed for millions of accounts during a four-day period last month.

Accountability 106

Accountability 106

WIRED Threat Level

JUNE 7, 2018

Encyclopedia Britannica released a Chrome extension designed to fix Google's sometimes inaccurate "featured snippets.".

111

111

Troy Hunt

JUNE 8, 2018

I don't normally do back-to-back blog posts, but this was no normal week! I just posted about how I won the European Security Blogger Award Grand Prix Prize for the Best Overall Security Blog and per the title of this post, a couple of hours later Scott Helme and I backed it up with this at the SC Awards : To us! ?? #SCAwards2018 pic.twitter.com/Gv7hhzT9T2 — Report URI (@reporturi) June 5, 2018.

Technology 122

Technology Marketing 122

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity