Sat.May 26, 2018 - Fri.Jun 01, 2018

article thumbnail

1834: The First Cyberattack

Schneier on Security

Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements.

Scams 250
article thumbnail

Welcoming the Spanish Government to Have I Been Pwned

Troy Hunt

A couple of months ago, I shared news of on-boarding the UK and Australian governments to Have I Been Pwned (HIBP). As I explained at the time, I wanted to provide the folks there with easy access to their respective government domains which meant providing them with the facility to query at the TLD level - namely,gov.uk and.gov.au - as well as across a handful of their other whitelisted gov domains on other TLDs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How WIRED Lost $100,000 in Bitcoin

WIRED Threat Level

We mined roughly 13 Bitcoins and then ripped up our private key. We were stupid—but not alone.

112
112
article thumbnail

Attacks against machine learning — an overview

Elie

This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs. , which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Damaging Hard Drives with an Ultrasonic Attack

Schneier on Security

Playing a sound over the speakers can cause computers to crash and possibly even physically damage the hard drive. Academic paper.

163
163
article thumbnail

AusCERT and the Award for Information Security Excellence

Troy Hunt

I've been at the AusCERT conference this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world. And what an awesome walk too, right on the turn into "winter", which means something quite different in this part of the world: Off to #AusCERT2018 ! It’s all blue outside today, what an awesome day for a short walk from home ??

More Trending

article thumbnail

Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net

Dark Reading

One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.

91
article thumbnail

Numbers Stations

Schneier on Security

On numbers stations.

article thumbnail

Weekly Update 89

Troy Hunt

An exciting weekly update - I got an award! I did write about it earlier this morning, but I talk about it more in this week's update and explain why it means a lot. In other news, I'm heading back to Europe in a few days from now so am doing the last-minute rush tying up loose ends here, finishing presentations and just generally preparing myself for what will be another hectic few weeks.

Passwords 114
article thumbnail

Puppy Brain Scans Could Help Pick the Best Dog Bomb Sniffers

WIRED Threat Level

Researchers are working to identify behavioral and neurological indicators that determine which lil puppers will grow into good bomb-sniffing doggos.

111
111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Attacks against machine learning — an overview

Elie

This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs. , which are specially crafted inputs that have been developed with the aim of being reliably misclassified in order to evade detection.

article thumbnail

Kidnapping Fraud

Schneier on Security

Fake kidnapping fraud : "Most commonly we have unsolicited calls to potential victims in Australia, purporting to represent the people in authority in China and suggesting to intending victims here they have been involved in some sort of offence in China or elsewhere, for which they're being held responsible," Commander McLean said. The scammers threaten the students with deportation from Australia or some kind of criminal punishment.

Scams 124
article thumbnail

Cybercrime Is Skyrocketing as the World Goes Digital

Dark Reading

If cybercrime were a country, it would have the 13th highest GDP in the world.

article thumbnail

Papua New Guinea Wants to Ban Facebook. It Shouldn't

WIRED Threat Level

The island nation is considering blocking Facebook for one month in order to collect information on fake profiles, pornography, and more. But the impact could be severe.

110
110
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Threatpost

The exposed information includes accounts payable and invoice data, customer support emails, password-recovery mails, links to employee manuals, staffing schedules and other internal resources.

article thumbnail

Mapping the threat: an insight into data breaches across Europe

Thales Cloud Protection & Licensing

According to Thales eSecurity’s latest Data Threat Report, European Edition , almost three in four businesses have now fallen victim to some of the world’s most significant data breaches, resulting in a loss of sensitive data and diminished customer trust. It’s no surprise feelings of vulnerability are high, with just 8 per cent of businesses not feeling at risk.

article thumbnail

Machine Learning, Artificial Intelligence & the Future of Cybersecurity

Dark Reading

The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.

article thumbnail

The Bleak State of Federal Government Cybersecurity

WIRED Threat Level

Nearly three out of four federal agencies is unprepared for a cyberattack, and there's no system in place to fix it.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Attacks against machine learning — an overview

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

article thumbnail

The DHS Cybersecurity Strategy: Five Pillars of Cybersecurity Goals

Thales Cloud Protection & Licensing

The recent DHS Cybersecurity Strategy was released at a crucial time when today’s cyberspace has become a new frontier for warfare for both nation states and criminal hackers. And as we continue to move into an era of digital transformation and interconnectedness, there is increasing concern among organizations and average citizens around the security of sensitive data.

article thumbnail

Alexa Mishap Hints at Potential Enterprise Security Risk

Dark Reading

When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.

Risk 66
article thumbnail

Why Russian Journalist Arkady Babchenko Faked His Own Murder—And What Happens Now

WIRED Threat Level

Russian war correspondent Arkady Babchenko was reported dead Tuesday. On Wednesday, he showed up at a press conference, very much alive.

104
104
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Threatpost

Google has rolled out its newest browser version (Chrome 67.0.3396.62) for Windows, Mac and Linux this week with new security fixes and biometric features.

53
article thumbnail

How to Secure Edge Computing

eSecurity Planet

As cloud computing moves to the edge of network, organizations will face new security challenges.

51
article thumbnail

6 Ways Third Parties Can Trip Up Your Security

Dark Reading

Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems

63
article thumbnail

Pwned Passwords in Practice: Real World Examples of Blocking the Worst Passwords

Troy Hunt

Back in August, I pushed out a service as part of Have I Been Pwned (HIBP) to help organisations block bad passwords from their online things. I called it "Pwned Passwords" and released 320M of them from real-world data breaches via both a downloadable file and an online service. This was in response to NIST's Digital Identity Guidelines and in particular, the following recommendation: When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospec

Passwords 251
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Singapore ISP Leaves 1,000 Routers Open to Attack

Threatpost

Telcom firm leaves port open on customer routers after maintenance update exposing hundreds of customers to possible attack.

article thumbnail

An Inside Look at OpenStack Security Efforts

eSecurity Planet

OpenStack is a widely used open-source cloud platform, but isn't secure by default. OpenStack experts reveal what is needed to make your cloud secure.

46
article thumbnail

Google Groups Misconfiguration Exposes Corporate Data

Dark Reading

Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.

62
article thumbnail

Friday Squid Blogging: Do Cephalopods Contain Alien DNA?

Schneier on Security

Maybe not DNA, but biological somethings. " Cause of Cambrian explosion -- Terrestrial or Cosmic? ": Abstract: We review the salient evidence consistent with or predicted by the Hoyle-Wickramasinghe (H-W) thesis of Cometary (Cosmic) Biology. Much of this physical and biological evidence is multifactorial. One particular focus are the recent studies which date the emergence of the complex retroviruses of vertebrate lines at or just before the Cambrian Explosion of ~500 Ma.

123
123
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!