Troy Hunt

MARCH 2, 2020

This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at : Have I Been Pwned is no longer being sold and I will continue running it independently. After 11 months of a very intensive process culminating in many months of exclusivity with a party I believed would ultimately be the purchaser of the service, unexpected changes to their business model made the deal infeasible.

Data breaches 336

Data breaches Marketing Cyber Insurance InfoSec 336

Krebs on Security

MARCH 3, 2020

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month.

Advertising 299

Advertising Insurance Internet Internet 299

Schneier on Security

MARCH 5, 2020

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and other public-health agencies are gathering information to learn how and where the virus is spreading. To do so, they are using a variety of digital communications and surveillance systems.

Surveillance 344

Surveillance Hacking Government Risk 344

Tech Republic Security

MARCH 2, 2020

Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.

IoT 217

IoT Cybersecurity Government 217

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

MARCH 4, 2020

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from previous data breaches from being used again and subsequently, putting their customers at heightened risk.

Passwords 273

Passwords Data breaches Risk Encryption 273

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. An individual thought to be involved has earned accolades from the likes of Apple , Dell , and Microsoft for helping to find and fix security vulnerabilities in their products.

DNS 272

DNS Penetration Testing Malware Hacking 272

The Last Watchdog

MARCH 2, 2020

Security information and event management (SIEM) is evolving and integrating with security orchestration, automation, and response (SOAR) to add real value in the cybersecurity space. Related : How SOAR Is Helping to Address the Cybersecurity Skills Gap SIEM is useful for detecting potential security incidents and triggering alerts, but the addition of a SOAR solution brings these alerts to another level by triaging the data and adopting remediation measures where required.

Risk 191

Risk Banking Technology Cybersecurity 191

Troy Hunt

MARCH 5, 2020

This is the big one. It's all HIBP and Project Svalbard top to bottom this week and I've chosen to exclude everything else in its favour. This is just such an essential part of not just the HIBP narrative, but indeed the narrative of my career and what gets me up each day. So here it is, the video insights version to the announcement post from a few days ago.

217

217

Tech Republic Security

MARCH 3, 2020

Cybercriminals are finding new ways to get malware on mobile devices, including abusing Android's accessibility features, according to a McAfee report.

Mobile 204

Mobile Malware 204

Schneier on Security

MARCH 3, 2020

There's a vulnerability in Wi-Fi hardware that breaks the encryption : The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3.

Wireless 320

Wireless Manufacturing Encryption Hacking 320

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

MARCH 6, 2020

Cyber threats now command the corporate sector’s full attention. It’s reached the point where some CEOs have even begun adjusting their personal online habits to help protect themselves, and by extension, the organizations they lead. Corporate consultancy PwC’s recent poll of 1,600 CEOs worldwide found that cyber attacks are now considered the top hinderance to corporate performance, followed by the shortage of skilled workers and the inability to keep up with rapid tech advances.

CISO 185

CISO VPN Digital transformation Internet 185

Adam Shostack

MARCH 5, 2020

Amazon has released a set of documents, “ Updates to Device Security Requirements for Alexa Built-in Products.” I want to look at these as a specific way to express a threat model, which is threat modeling along the supply chain, talk about the proliferation of this different kind of model, and what it means for engineering. (More precisely, since I don’t have an Amazon developer account, I’m going to look at the blog post, and infer some stuff about the underlying docume

IoT 176

IoT Engineering Software Architecture 176

Tech Republic Security

MARCH 6, 2020

How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool.

197

197

Schneier on Security

MARCH 2, 2020

Privacy International has the details : Key facts: Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook. Information provided about the advertisers is also very limited (just a name and no contact details), preventing users from effectively exercising their rights.

Advertising 319

Advertising Data collection Cybersecurity 319

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

MARCH 4, 2020

Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled. Related : The promise and pitfalls of IoT At the technology level, two fundamental things must get accomplished.

IoT 157

IoT Authentication Internet Internet 157

Adam Shostack

MARCH 2, 2020

At Blackhat this summer, I’ll be offering threat modeling training at Blackhat. Last year, these sold out quickly, so don’t wait! This hands-on, interactive class will focus on learning to threat model by executing each of the steps. Students will start threat modeling early on day 1, followed by an understanding of traps that they might fall into, and then progressing through the four questions: what are we working on, what can go wrong, what are we going to do about it and did we d

Engineering 130

Engineering Software Education 130

Tech Republic Security

MARCH 4, 2020

How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool.

197

197

Schneier on Security

MARCH 6, 2020

One follow-on to the story of Crypto AG being owned by the CIA: this interview with a Washington Post reporter. The whole thing is worth reading or listening to, but I was struck by these two quotes at the end: in South America, for instance, many of the governments that were using Crypto machines were engaged in assassination campaigns. Thousands of people were being disappeared, killed.

Surveillance 305

Surveillance Government 305

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MARCH 2, 2020

SurfingAttack is an attacking technique that allows to wake up mobile device and control them using voice commands encoded in ultrasonic waves. SurfingAttack is a hacking technique that sees voice commands encoded in ultrasonic waves silently activate a mobile phone’s digital assistant. The technique could be used to do several actions such as making phone calls or reading text messages.

Hacking 144

Hacking Mobile Advertising Engineering 144

Thales Cloud Protection & Licensing

MARCH 6, 2020

Disconnecting from your mobile device, laptop or tablet can be as good as a holiday. Simply taking a pause from email and social media in favor of a good book or conversation is known to increase your mood and life satisfaction. But it’s also a chance to step back and re-evaluate our online usage. In my family, we regularly ‘unplug’ and use the opportunity to discuss cyber awareness and topics such as the risks to our family information, how we can improve personal safety, and what are we doing

Encryption 130

Encryption Authentication Passwords CISO 130

Tech Republic Security

MARCH 3, 2020

Security risks are important considerations with IoT initiatives. A Kaspersky report includes steps to take to prevent an IoT-targeted attack.

IoT 189

IoT Risk 189

Dark Reading

MARCH 4, 2020

There are many challenges to safely carrying data and equipment on international travels, but the right policy can make navigating the challenges easier and more successful.

94

94

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

MARCH 5, 2020

New problems for the wireless carrier T-Mobile that disclosed a data breach that exposed some of the customers’ personal information. The wireless carrier T-Mobile was victims of a sophisticated cyber attack that targeted its email vendor. A data breach notification published by the telecommunications giant on its website revealed that the security breach impacted both employees and customers. “Our Cybersecurity team recently identified and shut down a malicious attack against our e

Mobile 145

Mobile Data breaches Telecommunications Wireless 145

Thales Cloud Protection & Licensing

MARCH 3, 2020

This blog is co-written with Shian Sung from Keyfactor. In today’s development environment, it’s important for every organization to utilize code signing as a way to ensure that the applications and updates they deliver are trusted. This starts from the build process and goes all the way through to the release in order to develop code that maintains a strong root of trust, and with a high degree of authenticity and integrity.

InfoSec 93

InfoSec Software Risk Authentication 93

Tech Republic Security

MARCH 4, 2020

The coronavirus is spurring questions and concerns in the tech industry. Get tips about remote work, interviewing and hiring, travel, and cybersecurity, as well as the latest news.

Cybersecurity 153

Cybersecurity 153

Threatpost

MARCH 2, 2020

A security error in the Walgreens mobile app may have leaked customers' full names, prescriptions and shipping addresses.

Mobile 113

Mobile Healthcare Data breaches 113

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

MARCH 3, 2020

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. I ntroduction. Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34 , Gamaredon , and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four years of apparent inactivity.

Malware 145

Malware Advertising Hacking Information Security 145

Dark Reading

MARCH 6, 2020

Security pros detail the common and concerning ways attackers target enterprise cloud environments.

123

123

Tech Republic Security

MARCH 4, 2020

Despite an increase in usage, a Valimail report found that of the 933,000 organizational domains with DMARC, only 13% are at enforcement.

166

166

Threatpost

MARCH 3, 2020

Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data.

Cyber Attacks 104

Cyber Attacks Ransomware Malware Hacking 104

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity