Troy Hunt

MARCH 2, 2020

This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at : Have I Been Pwned is no longer being sold and I will continue running it independently. After 11 months of a very intensive process culminating in many months of exclusivity with a party I believed would ultimately be the purchaser of the service, unexpected changes to their business model made the deal infeasible.

Data breaches 336

Data breaches Marketing Cyber Insurance InfoSec 336

Krebs on Security

MARCH 3, 2020

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month.

Advertising 305

Advertising Insurance Internet Internet 305

Schneier on Security

MARCH 5, 2020

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and other public-health agencies are gathering information to learn how and where the virus is spreading. To do so, they are using a variety of digital communications and surveillance systems.

Surveillance 269

Surveillance Hacking Government Risk 269

Tech Republic Security

MARCH 2, 2020

Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.

IoT 218

IoT Cybersecurity Government 218

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

MARCH 4, 2020

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from previous data breaches from being used again and subsequently, putting their customers at heightened risk.

Passwords 273

Passwords Data breaches Risk Encryption 273

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. An individual thought to be involved has earned accolades from the likes of Apple , Dell , and Microsoft for helping to find and fix security vulnerabilities in their products.

DNS 276

DNS Penetration Testing Malware Hacking 276

Tech Republic Security

MARCH 3, 2020

Cybercriminals are finding new ways to get malware on mobile devices, including abusing Android's accessibility features, according to a McAfee report.

Mobile 212

Mobile Malware 212

Troy Hunt

MARCH 5, 2020

This is the big one. It's all HIBP and Project Svalbard top to bottom this week and I've chosen to exclude everything else in its favour. This is just such an essential part of not just the HIBP narrative, but indeed the narrative of my career and what gets me up each day. So here it is, the video insights version to the announcement post from a few days ago.

232

232

The Last Watchdog

MARCH 2, 2020

Security information and event management (SIEM) is evolving and integrating with security orchestration, automation, and response (SOAR) to add real value in the cybersecurity space. Related : How SOAR Is Helping to Address the Cybersecurity Skills Gap SIEM is useful for detecting potential security incidents and triggering alerts, but the addition of a SOAR solution brings these alerts to another level by triaging the data and adopting remediation measures where required.

Risk 191

Risk Banking Technology Cybersecurity 191

Schneier on Security

MARCH 3, 2020

There's a vulnerability in Wi-Fi hardware that breaks the encryption : The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3.

Wireless 253

Wireless Manufacturing Encryption Hacking 253

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

MARCH 6, 2020

How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool.

207

207

Adam Shostack

MARCH 5, 2020

Amazon has released a set of documents, “ Updates to Device Security Requirements for Alexa Built-in Products.” I want to look at these as a specific way to express a threat model, which is threat modeling along the supply chain, talk about the proliferation of this different kind of model, and what it means for engineering. (More precisely, since I don’t have an Amazon developer account, I’m going to look at the blog post, and infer some stuff about the underlying docume

IoT 176

IoT Engineering Software Architecture 176

The Last Watchdog

MARCH 6, 2020

Cyber threats now command the corporate sector’s full attention. It’s reached the point where some CEOs have even begun adjusting their personal online habits to help protect themselves, and by extension, the organizations they lead. Corporate consultancy PwC’s recent poll of 1,600 CEOs worldwide found that cyber attacks are now considered the top hinderance to corporate performance, followed by the shortage of skilled workers and the inability to keep up with rapid tech advances.

CISO 185

CISO VPN Digital transformation Internet 185

Schneier on Security

MARCH 2, 2020

Privacy International has the details : Key facts: Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook. Information provided about the advertisers is also very limited (just a name and no contact details), preventing users from effectively exercising their rights.

Advertising 252

Advertising Data collection Cybersecurity 252

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

MARCH 4, 2020

How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool.

207

207

WIRED Threat Level

MARCH 5, 2020

The crypto wars are back in full swing. .

Encryption 145

Encryption 145

The Last Watchdog

MARCH 4, 2020

Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled. Related : The promise and pitfalls of IoT At the technology level, two fundamental things must get accomplished.

IoT 157

IoT Authentication Internet Internet 157

Schneier on Security

MARCH 6, 2020

One follow-on to the story of Crypto AG being owned by the CIA: this interview with a Washington Post reporter. The whole thing is worth reading or listening to, but I was struck by these two quotes at the end: in South America, for instance, many of the governments that were using Crypto machines were engaged in assassination campaigns. Thousands of people were being disappeared, killed.

Surveillance 241

Surveillance Government 241

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MARCH 3, 2020

Security risks are important considerations with IoT initiatives. A Kaspersky report includes steps to take to prevent an IoT-targeted attack.

IoT 200

IoT Risk 200

Security Affairs

MARCH 5, 2020

New problems for the wireless carrier T-Mobile that disclosed a data breach that exposed some of the customers’ personal information. The wireless carrier T-Mobile was victims of a sophisticated cyber attack that targeted its email vendor. A data breach notification published by the telecommunications giant on its website revealed that the security breach impacted both employees and customers. “Our Cybersecurity team recently identified and shut down a malicious attack against our e

Mobile 145

Mobile Data breaches Telecommunications Wireless 145

Thales Cloud Protection & Licensing

MARCH 6, 2020

Disconnecting from your mobile device, laptop or tablet can be as good as a holiday. Simply taking a pause from email and social media in favor of a good book or conversation is known to increase your mood and life satisfaction. But it’s also a chance to step back and re-evaluate our online usage. In my family, we regularly ‘unplug’ and use the opportunity to discuss cyber awareness and topics such as the risks to our family information, how we can improve personal safety, and what are we doing

Encryption 130

Encryption Authentication Passwords CISO 130

Adam Shostack

MARCH 2, 2020

At Blackhat this summer, I’ll be offering threat modeling training at Blackhat. Last year, these sold out quickly, so don’t wait! This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start threat modeling early on day 1, followed by an understanding of traps that they might fall into, and then progressing through the four questions: what are we working on, what can go wrong, what are we going to do about it and did we d

Engineering 130

Engineering Software Education 130

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

MARCH 3, 2020

Existing controls are often not configured properly or deployed widely, allowing bad actors to steal data.

Threat Reports 196

Threat Reports 196

Security Affairs

MARCH 4, 2020

Chinese security firm Qihoo 360 revealed that the US CIA has hacked Chinese organizations in various sectors for the last 11 years. Chinese security firm Qihoo 360 is accusing that the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. According to the firm, the US cyber spies are targeting various industry sectors and government agencies.

Hacking 145

Hacking Government Advertising Engineering 145

WIRED Threat Level

MARCH 5, 2020

Encryption flaws in a common anti-theft feature expose vehicles from major manufacturers.

Manufacturing 127

Manufacturing Encryption Hacking 127

Dark Reading

MARCH 6, 2020

Security pros detail the common and concerning ways attackers target enterprise cloud environments.

123

123

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

MARCH 3, 2020

When it comes to securing data, most enterprises are negligent and unaware, according to a Lepide report.

196

196

Security Affairs

MARCH 3, 2020

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. I ntroduction. Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34 , Gamaredon , and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four years of apparent inactivity.

Malware 145

Malware Advertising Hacking Information Security 145

WIRED Threat Level

MARCH 4, 2020

A VPN won’t solve all of your privacy problems, but it can help make you a less tempting target for hackers.

VPN 126

VPN 126

Threatpost

MARCH 2, 2020

A security error in the Walgreens mobile app may have leaked customers' full names, prescriptions and shipping addresses.

Mobile 113

Mobile Healthcare Data breaches 113

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity