Troy Hunt

FEBRUARY 21, 2018

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST explains : When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.

Passwords 279

Passwords Data breaches Mobile Risk 279

Schneier on Security

FEBRUARY 20, 2018

It's not a great solution, but it's : The process of using postcards containing a specific code will be required for advertising that mentions a specific candidate running for a federal office, Katie Harbath, Facebook's global director of policy programs, said. The requirement will not apply to issue-based political ads, she said. "If you run an ad mentioning a candidate, we are going to mail you a postcard and you will have to use that code to prove you are in the United States," Harbath said a

Advertising 152

Advertising 152

WIRED Threat Level

FEBRUARY 23, 2018

Paul Manafort’s longtime deputy is cooperating with the special prosecutor, so we may soon have answers to these questions hovering around the Russia investigation.

111

111

Thales Cloud Protection & Licensing

FEBRUARY 21, 2018

Sixty-four percent of the more than 1,200 senior security executives from around the world, whom we surveyed for the 2018 Thales Data Threat Report (DTR), believe artificial intelligence (AI) “increases data security by recognizing and alerting on attacks,” while 43% believe AI “results in increased threats due to use as a hacking tool.”. They’re both right.

Artificial Intelligence 89

Artificial Intelligence Big data Government Technology 89

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

FEBRUARY 23, 2018

Every now and then, I look at one of the videos I've just recorded and only realise then how tired I look. This was one of those weeks and it was absolutely jam-packed! There was some awesome stuff and there was some very frustrating stuff. Let me add briefly to the latter here: The joy of participating in online communities is that we have these melting pots of diverse backgrounds and ideas all coming together in the one place.

Data breaches 128

Data breaches Passwords Hacking 128

Schneier on Security

FEBRUARY 21, 2018

Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks.

Accountability 142

Accountability Software Malware 142

Dark Reading

FEBRUARY 23, 2018

With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.

73

73

eSecurity Planet

FEBRUARY 20, 2018

Intrusion detection and prevention systems spot hackers as they attempt to breach a network. We review eight of the top IDPS appliances to help you choose.

68

68

Schneier on Security

FEBRUARY 23, 2018

I joined a letter supporting the Secure Elections Act (S. 2261): The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems. The measure authorizes appropriation of grants to the states to take important and time-sensitive actions, including: Replacing insecure paperless voting systems with new equipment that will process a paper ballot; Implementing post-election audits of paper ballots or records to verify electronic tallies; Conductin

Accountability 141

Accountability Risk Cybersecurity 141

WIRED Threat Level

FEBRUARY 21, 2018

WhatsApp co-founder Brian Acton has taken on the leadership of the non-profit behind that popular encryption app—and given it a serious injection of cash.

Encryption 111

Encryption 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Threatpost

FEBRUARY 22, 2018

A security researcher found Coinhive code hidden on a Los Angeles Times’ webpage that was secretly using visitors’ devices to mine cryptocurrency.

Cryptocurrency 63

Cryptocurrency Malware 63

eSecurity Planet

FEBRUARY 20, 2018

We review Trend Micro's intrusion prevention solution, which blocks malicious traffic at up to 120 Gbps while providing comprehensive threat intelligence.

64

64

Schneier on Security

FEBRUARY 19, 2018

Interesting history of the security of walls: Dún Aonghasa presents early evidence of the same principles of redundant security measures at work in 13th century castles, 17th century star-shaped artillery fortifications, and even "defense in depth" security architecture promoted today by the National Institute of Standards and Technology , the Nuclear Regulatory Commission , and countless other security organizations world-wide.

Architecture 139

Architecture Technology 139

WIRED Threat Level

FEBRUARY 20, 2018

The cast of characters revealed in the special counsel's epic indictment is drawn from the overlapping circles of oligarchs, spooks, and mob figures.

110

110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Threatpost

FEBRUARY 21, 2018

Google Project Zero researchers are warning of two critical remote code vulnerabilities in popular versions of uTorrent's web-based BitTorrent client and its uTorrent Classic desktop client.

DNS 56

DNS Hacking 56

Dark Reading

FEBRUARY 21, 2018

Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.

71

71

Schneier on Security

FEBRUARY 22, 2018

People harassing women by delivering anonymous packages purchased from Amazon. On the one hand, there is nothing new here. This could have happened decades ago, pre-Internet. But the Internet makes this easier, and the article points out that using prepaid gift cards makes this anonymous. I am curious how much these differences make a difference in kind, and what can be done about it.

Internet 126

Internet Internet 126

WIRED Threat Level

FEBRUARY 23, 2018

Facebook is locking users out of their accounts until they download antivirus software that sometimes doesn't even work on their computers.

Antivirus 109

Antivirus Malware Accountability Software 109

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

FEBRUARY 21, 2018

A look at the strengths and weaknesses of ArcSight and IBM QRadar, two leading SIEM solutions.

74

74

Dark Reading

FEBRUARY 21, 2018

There's a hazard that comes with introducing any new element into patient care whether it's a new drug or a connected device. These four steps will help keep patients safe.

Healthcare 53

Healthcare IoT 53

Threatpost

FEBRUARY 20, 2018

Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers.

Engineering 57

Engineering Malware 57

WIRED Threat Level

FEBRUARY 20, 2018

Security researcher at FireEye break down the arsenal of APT37, a North Korean hacker team coming into focus as a rising threat.

101

101

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

eSecurity Planet

FEBRUARY 23, 2018

How to conduct a data protection impact assessment (DPIA) and why it is critical for GDPR compliance.

66

66

Dark Reading

FEBRUARY 22, 2018

How cyber vulnerabilities on sensors can lead to production outage and financial loss.

IoT 77

IoT 77

Threatpost

FEBRUARY 23, 2018

Drupal has patched several vulnerabilities – both moderately critical and critical – in two versions of its content management system platform.

52

52

WIRED Threat Level

FEBRUARY 17, 2018

The most chilling aspect of that blockbuster Mueller indictment? The bureaucracy behind Russia's onslaught.

Internet 104

Internet Internet 104

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

eSecurity Planet

FEBRUARY 20, 2018

We review McAfee NSP, an intrusion prevention solution supports up to 32 million connections on a single appliance and uses intelligence to stop network attacks.

49

49

Dark Reading

FEBRUARY 22, 2018

Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.

Cybersecurity 51

Cybersecurity 51

Threatpost

FEBRUARY 20, 2018

Developer Flight Sim Labs is in hot water after acknowledging that it has installed malware in its flight simulator product that it said targets pirate users of its software.

Malware 43

Malware Software Passwords 43

WIRED Threat Level

FEBRUARY 20, 2018

The recent rash of cryptojacking attacks has hit a Tesla database that contained potentially sensitive information.

Cryptocurrency 95

Cryptocurrency 95

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity