Sat. Feb 17, 2018 - Fri. Feb 23, 2018

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Troy Hunt

Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST explains: When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.

Passwords 279

Facebook Will Verify the Physical Location of Ad Buyers with Paper Postcards

Schneier on Security

It's not a great solution, but it's : The process of using postcards containing a specific code will be required for advertising that mentions a specific candidate running for a federal office, Katie Harbath, Facebook's global director of policy programs, said. The requirement will not apply to issue-based political ads, she said. "If you run an ad mentioning a candidate, we are going to mail you a postcard and you will have to use that code to prove you are in the United States," Harbath said a

What Rick Gates' Guilty Plea Means For Mueller’s Probe

WIRED Threat Level

Paul Manafort’s longtime deputy is cooperating with the special prosecutor, so we may soon have answers to these questions hovering around the Russia investigation.

112

AI/ML and Digital Security

Thales Cloud Protection & Licensing

Sixty-four percent of the more than 1,200 senior security executives from around the world, whom we surveyed for the 2018 Thales Data Threat Report (DTR), believe artificial intelligence (AI) “increases data security by recognizing and alerting on attacks,” while 43% believe AI “results in increased threats due to use as a hacking tool.” They’re both right.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Weekly Update 75

Troy Hunt

Every now and then, I look at one of the videos I've just recorded and only realise then how tired I look. This was one of those weeks and it was absolutely jam-packed! There was some awesome stuff and there was some very frustrating stuff. Let me add briefly to the latter here: The joy of participating in online communities is that we have these melting pots of diverse backgrounds and ideas all coming together in the one place.

New Spectre/Meltdown Variants

Schneier on Security

Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks.

More Trending

Anatomy of an Attack on the Industrial IoT

Dark Reading

How cyber vulnerabilities on sensors can lead to production outage and financial loss.

IoT 77

Cryptojacking Attack Found on Los Angeles Times Website

Threatpost

A security researcher found Coinhive code hidden on a Los Angeles Times’ webpage that was secretly using visitors’ devices to mine cryptocurrency.

Election Security

Schneier on Security

I joined a letter supporting the Secure Elections Act (S. 2261): The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems. The measure authorizes appropriation of grants to the states to take important and time-sensitive actions, including: Replacing insecure paperless voting systems with new equipment that will process a paper ballot; Implementing post-election audits of paper ballots or records to verify electronic tallies; Conductin

US Border Patrol Hasn’t Validated E-Passport Data For Years

WIRED Threat Level

For over a decade, US Customs and Border Patrol has been unable to verify the cryptographic signatures on e-Passports, because they never installed the right software.

Software 111

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

10 Can't-Miss Talks at Black Hat Asia

Dark Reading

With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.

73

ArcSight vs IBM QRadar: Top SIEM Solutions Compared

eSecurity Planet

A look at the strengths and weaknesses of ArcSight and IBM QRadar, two leading SIEM solutions.

59

On the Security of Walls

Schneier on Security

Interesting history of the security of walls: Dún Aonghasa presents early evidence of the same principles of redundant security measures at work in 13th century castles, 17th century star-shaped artillery fortifications, and even "defense in depth" security architecture promoted today by the National Institute of Standards and Technology, the Nuclear Regulatory Commission, and countless other security organizations world-wide.

WhatsApp Co-Founder Brian Acton Injects $50 Million in Newly Formed Signal Foundation

WIRED Threat Level

WhatsApp co-founder Brian Acton has taken on the leadership of the non-profit behind that popular encryption app—and given it a serious injection of cash.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

7 Cryptominers & Cryptomining Botnets You Can't Ignore

Dark Reading

Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.

71

Year-Old Coldroot RAT Targets MacOS, Still Evades Detection

Threatpost

Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers.

Harassment By Package Delivery

Schneier on Security

People harassing women by delivering anonymous packages purchased from Amazon. On the one hand, there is nothing new here. This could have happened decades ago, pre-Internet. But the Internet makes this easier, and the article points out that using prepaid gift cards makes this anonymous. I am curious how much these differences make a difference in kind, and what can be done about it.

Internet 131

Inside the Mueller Indictment: A Russian Novel of Intrigue

WIRED Threat Level

The cast of characters revealed in the special counsel's epic indictment is drawn from the overlapping circles of oligarchs, spooks, and mob figures.

111

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers

Dark Reading

The new malware also can turn bots into DDoS attack machines, says Fortinet.

IoT 67

Trend Micro Tipping Point: IDPS Product Overview and Analysis

eSecurity Planet

We review Trend Micro's intrusion prevention solution, which blocks malicious traffic at up to 120 Gbps while providing comprehensive threat intelligence.

56

uTorrent Users Warned of Remote Code Execution Vulnerability

Threatpost

Google Project Zero researchers are warning of two critical remote code vulnerabilities in popular versions of uTorrent's web-based BitTorrent client and its uTorrent Classic desktop client.

DNS 56

Mueller Indictment Shows Russia's Internet Research Agency Inner Workings

WIRED Threat Level

The most chilling aspect of that blockbuster Mueller indictment? The bureaucracy behind Russia's onslaught.

Internet 111

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

IRS Warns of Spike in W-2 Phishing Emails

Dark Reading

The IRS reports an increase in reports of phishing emails asking for W-2 information.

How a Data Protection Impact Assessment Helps You Comply with GDPR

eSecurity Planet

How to conduct a data protection impact assessment (DPIA) and why it is critical for GDPR compliance.

52

Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

Threatpost

Drupal has patched several vulnerabilities – both moderately critical and critical – in two versions of its content management system platform.

52

APT37: Inside the Toolset of an Elite North Korean Hacker Group

WIRED Threat Level

Security researchers at FireEye break down the arsenal of APT37, a North Korean hacker team coming into focus as a rising threat.

111

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

93% of Cloud Applications Aren't Enterprise-Ready

Dark Reading

The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.

55

8 Top Intrusion Detection and Prevention Systems

eSecurity Planet

Intrusion detection and prevention systems spot hackers as they attempt to breach a network. We review eight of the top IDPS appliances to help you choose.

50

FBI Warns of Spike in W-2 Phishing Campaigns

Threatpost

A recent FBI public service advisory warned of an increase in reports of compromised or spoofed emails involving W-2 forms.

Beware This Incredibly Silly—But Still Effective—Tax Scam

WIRED Threat Level

There are lots of tax scams out there, but this is the only one that pays you first.

Scams 111

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!