Troy Hunt

MARCH 29, 2018

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! Of course, we all know that but it's interesting to look back on that post all these years later and realise that unfortunately, nothing has really changed.

Password Management 263

Password Management Passwords Data breaches Retail 263

Schneier on Security

MARCH 29, 2018

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos , things we type and delete without posting, and things we do while not on Facebook and even when we're offline. It buys data about us from others. And it can infer even more: our sexual orientation, political beliefs, relationship status, drug use, and other personality traits -- even if we didn't

Surveillance 247

Surveillance Artificial Intelligence Advertising Big data 247

WIRED Threat Level

MARCH 27, 2018

What's happening at the US Army's new cyber branch headquarters marks a change for Fort Gordon. Hell, it might be changing warfare itself—all through a computer screen.

111

111

Thales Cloud Protection & Licensing

MARCH 22, 2018

This blog was originally published on Business Reporter. To view the article, please click here. To see where the future of payments lies, we should look to its past. The concept of payment, at its most fundamental, is simply about people agreeing to exchange goods or services. A fair trade of one thing for another. Go back a few thousand years and the invention of money meant that food could be effectively turned into metal and stored for as long as needed, before being turned back into food ag

Banking 107

Banking Financial Services Accountability Technology 107

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Elie

MARCH 10, 2018

This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth tokens in an attempt to perform fraudulent Play store installs and reviews.

Malware 107

Malware Adware Accountability Backups 107

Dark Reading

MARCH 2, 2018

Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.

Passwords 103

Passwords Accountability Phishing 103

Schneier on Security

MARCH 14, 2018

One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data. Is 600 companies unusual? Is it more than average?

236

236

WIRED Threat Level

MARCH 21, 2018

Despite the repeated privacy lapses, Facebook offers a fairly robust set of tools to control who knows what about you.

Accountability 112

Accountability 112

Thales Cloud Protection & Licensing

MARCH 13, 2018

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. In Linux, for instance, it takes four openSSL commands to generate an encryption key and encrypt data. However, simply encrypting data is not a sufficient control when storing data in the cloud.

Encryption 95

Encryption Risk Accountability 95

Elie

MARCH 10, 2018

This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth tokens in an attempt to perform fraudulent Play store installs and reviews.

Malware 91

Malware Adware Accountability Backups 91

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Dark Reading

MARCH 1, 2018

A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.

Cybersecurity 100

Cybersecurity 100

Troy Hunt

MARCH 1, 2018

If I'm honest, I'm constantly surprised by the extent of how far Have I Been Pwned (HIBP) is reaching these days. This is a little project I started whilst killing time in a hotel room in late 2013 after thinking "I wonder if people actually know where their data has been exposed?" I built it in part to help people answer that question and in part because my inner geek wanted to build an interesting project on Microsoft's Azure.

Government 199

Government Data breaches Passwords Authentication 199

Schneier on Security

MARCH 22, 2018

Interesting analysis and speculation.

Engineering 202

Engineering 202

WIRED Threat Level

MARCH 19, 2018

In undercover videos filmed by Britain’s Channel 4 news, Cambridge Analytica executives appear to offer up various unsavory tactics to influence campaigns.

112

112

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Thales Cloud Protection & Licensing

MARCH 28, 2018

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data. Enterprises cannot ignore the responsibility of implementing a strong key assurance service that ensures they maintain control of their own risks.

Encryption 90

Encryption Government Authentication Accountability 90

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The. first post. recounts Gooligan’s origin story and provides an overview of how it works.

Encryption 82

Encryption Malware Marketing Manufacturing 82

Dark Reading

MARCH 30, 2018

The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.

Cybersecurity 94

Cybersecurity 94

Troy Hunt

MARCH 21, 2018

There's no way to sugar-coat this: Have I Been Pwned (HIBP) only exists due to a whole bunch of highly illegal activity that has harmed many individuals and organisations alike. That harm extends all the way from those in data breaches feeling a sense of personal violation (that's certainly how I feel when I see my personal information exposed), all the way through to people literally killing themselves (there are many documented examples of this in the wake of the Ashley Madison breach).

Data breaches 193

Data breaches Government Passwords Media 193

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

MARCH 15, 2018

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two sets: what humans do well and what computers do well.

Artificial Intelligence 201

Artificial Intelligence Internet Internet Technology 201

WIRED Threat Level

MARCH 20, 2018

Alphabet tech incubator Jigsaw wants to make it easy to run your own, more private virtual private network.

VPN 111

VPN Software 111

Thales Cloud Protection & Licensing

MARCH 6, 2018

Every year, new regulations and compliance orders come into play that impact businesses across the world. This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. GDPR enables consumers to view, limit and control how companies collect and process their personal data.

Data privacy 88

Data privacy Encryption Healthcare Insurance 88

Elie

MARCH 17, 2018

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The. first post. recounts Gooligan’s origin story and provides an overview of how it works.

Encryption 82

Encryption Malware Marketing Manufacturing 82

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

MARCH 16, 2018

Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.

Cybercrime 87

Cybercrime 87

Troy Hunt

MARCH 27, 2018

Recently, I've witnessed a couple of incidents which have caused me to question some pretty fundamental security basics with our local Aussie telcos, specifically Telstra and Optus. It began with a visit to the local Telstra store earlier this month to upgrade a couple of phone plans which resulted in me sitting alone by this screen whilst the Telstra staffer disappeared into the back room for a few minutes: Is it normal for @Telstra to display customer passwords on publicly facing terminals in

Passwords 157

Passwords Banking Mobile Telecommunications 157

Schneier on Security

MARCH 19, 2018

Last week, the Israeli security company CTS Labs published a series of exploits against AMD chips. The publication came with the flashy website , detailed whitepaper , cool vulnerability names -- RYZENFALL, MASTERKEY, FALLOUT, and CHIMERA -- and logos we've come to expect from these sorts of things. What's new is that the company only gave AMD a day's notice, which breaks with every norm about responsible disclosure.

183

183

WIRED Threat Level

MARCH 19, 2018

You give Facebook all of your data in exchange for using their service—an exchange that seems increasingly out of whack.

111

111

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Thales Cloud Protection & Licensing

MARCH 29, 2018

As the volume of both card-based payments and digital payments continue to grow significantly year-on-year, the importance of securing sensitive card data (and in particular the primary account number or PAN) has never been a more critical and challenging task. In the recent Thales eSecurity eBook, ‘ PCI Compliance and Data Protection for Dummies ’, we cover the main technologies that can be used, such as encryption and tokenization, to help with such efforts in protecting the payment prior to a

Data breaches 87

Data breaches Encryption Mobile IoT 87

Threatpost

MARCH 21, 2018

Netflix opens up bug bounty program to all white hat hackers and ups the ante for bugs to as much as $15,000.

Hacking 82

Hacking 82

eSecurity Planet

MARCH 13, 2018

Every business uses email, yet many are unaware of email security threats. Here's a look at the threats - and how to secure your business email.

78

78

Troy Hunt

MARCH 17, 2018

Last day of travel! The weekly update is out late due to a packed week which I endured whilst battling a cold as well which has made it pretty rough. But other than that, it was a fantastic week recording Pluralsight courses and meeting with some really cool tech companies which I talk about in the update. I also talk a lot about credential stuffing which is just becoming an absolutely massive issue at present and I'll write more on that from home next week.

Risk 119

Risk 119

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity