Sat.Nov 04, 2017 - Fri.Nov 10, 2017

Me on the Equifax Breach

Schneier on Security

Testimony and Statement for the Record of Bruce Schneier. Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School. Fellow, Berkman Center for Internet and Society at Harvard Law School. Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerce". Before the Subcommittee on Digital Commerce and Consumer Protection.

The One Valuable Thing All Websites Have: Reputation (and Why It's Attractive to Phishers)

Troy Hunt

Here's something I hear quite a bit when talking about security things: Our site isn't a target, it doesn't have anything valuable on it. This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it's a perfectly reasonable position. They don't collect any credentials, they don't have any payment info and in many cases, the site is simply a static representation of content that rarely changes.

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March, 2016–March, 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums.

Department of Defense's 'Hack the Pentagon' Bug Bounty Program Helps Fix Thousands of Bugs

WIRED Threat Level

The Department of Defense's bug bounty program was a smashing success. And other government agencies have taken notice.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Hacking a Fingerprint Biometric

Schneier on Security

Embedded in this story about infidelity and a mid-flight altercation, there's an interesting security tidbit: The woman had unlocked her husband's phone using his thumb impression when he was sleeping.

Weekly Update 60

Troy Hunt

Loads of bits and pieces this week ranging from travel (including something truly awesome that I can't go into detail on just yet) to Report URI to HIBP. There's also the competition for the Lenovo ThinkPad where I talk about the 4 finalists and if you're reading this within about 18 hours of me posting it, you can still vote for them here: It's time to vote!

More Trending

Facebook Isn't Listening Through Your Phone's Microphone. It Doesn't Have To

WIRED Threat Level

The internet is awash in theories about Facebook using your smartphone's microphone to eavesdrop on your conversations. It's not. Here's why.

Daphne Caruana Galizia's Murder and the Security of WhatsApp

Schneier on Security

Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were. One journalist reports: Part of Daphne's destroyed smart phone was elevated from the scene.

Barracuda Acquires Sonian for Email Intelligence and Security

eSecurity Planet

The combined company will lend visibility into how the email habits of users align with a business's security, legal and compliance requirements.

AutoIt Scripting Used By Overlay Malware to Bypass AV Detection

Threatpost

IBM’s X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduce the likelihood of antivirus software detection.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

How Level 3's Tiny Error Shut Off the Internet for Parts of the US

WIRED Threat Level

A simple misconfiguration spiraled into outages for internet service providers and large internet platforms around the US.

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

Schneier on Security

There's a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company's or realty agent's email account, track upcoming home purchases scheduled for settlements -- the pricier the better -- then assume the identity of the title agency person handling the transaction.

IoT Security Fail: 82 Percent of Companies Can't Identify All Network-Connected Devices

eSecurity Planet

76 percent are rethinking their security strategies as a result.

Eavesdropper Vulnerability Exposes Mobile Call, Text Data

Threatpost

Developers using the Twilio platform to build enterprise mobile communications apps have put call and text data at risk for exposure.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

How to Keep Your Bitcoin Safe and Secure

WIRED Threat Level

Bitcoin and other cryptocurrencies have exploded in value, making them an ever-more attractive target for scammers and hackers. Here's how to protect your investment.

New Research in Invisible Inks

Schneier on Security

It's a lot more chemistry than I understand: Invisible inks based on "smart" fluorescent materials have been shining brightly (if only you could see them) in the data-encryption/decryption arena lately. But some of the materials are costly or difficult to prepare, and many of these inks remain somewhat visible when illuminated with ambient or ultraviolet light.

79 Percent of Companies Have No Plan in Place for GDPR

eSecurity Planet

23 percent haven't yet determined whether it's relevant to their organization.

Threatpost News Wrap Podcast for Nov. 10

Threatpost

Threatpost editors Mike Mimoso and Tom Spring discuss the week's information security news.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How the Mimikatz Hacker Tool Stole the World's Passwords

WIRED Threat Level

How a program called Mimikatz became one of the world's most widespread and powerful hacking tools.

AI in Cybersecurity: White And Dark Sides

Spinone

Some people believe that Artificial Intelligence (AI) has the ability to amplify our natural human intelligence, as long as it remains in good hands. Let’s take a closer look at AI and how it can benefit – or negatively influence – our lives in the near future. Artificial intelligence is progressing at a rapid pace and we often associate it with science fiction movies where we see robots performing human-like tasks.

88 Percent of IT Security Pros Have Trouble Managing Privileged Passwords

eSecurity Planet

Eighteen percent use a paper logbook to do so.

Facebook Fingerprinting Photos to Prevent Revenge Porn

Schneier on Security

This is a pilot project in Australia: Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner (or ex-partner) might distribute them without their consent can use Messenger to send the images to be "hashed." This means that the company converts the image into a unique digital fingerprint that can be used to identify and block any attempts to re-upload that same image.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Why the Netflix Phishing Email Works So Well

WIRED Threat Level

That Netflix phishing scheme has been around for months—and it's clever enough to stick around.

NIST Cybersecurity Framework: IoT and PKI Security

Thales Cloud Protection & Licensing

In order to talk about any specialized field of knowledge, you need a common language with agreed upon terms, definitions and some level of accepted industry standards. Cybersecurity is no different. But as the industry has evolved, this critical foundational concept has somehow taken a backseat. As both the public and private sector embrace digital transformation and face an increasingly sophisticated threat scape, presidential executive orders have sought to remedy that problem.

Security Applications of Blockchain

eSecurity Planet

Certificate authorities, key signings and DNS records are some of the ways Blockchain could make data and the web more secure and prevent DDoS attacks.

Friday Squid Blogging: Squid Season May Start Earlier Next Year

Schneier on Security

Squid fishermen in Argentina have asked regulators to start the squid season earlier in 2018. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

The Apple iOS 11 Privacy and Security Settings You Should Check

WIRED Threat Level

Heads up, iPhone owners. iOS 11 comes with a batch of security features that merit your attention.

How Journalists Fought Back Against Crippling Email and Subscription Bombs

WIRED Threat Level

After ProPublica journalists wrote about hate groups, the trolls retaliated by signing them up for thousands of subscriptions. That was only the beginning.

Google Chrome Will Stop Sketchy Redirects Soon

WIRED Threat Level

With its latest update, Chrome's going to quash the junky redirects that turn the web into a house of horror.

Russia's 'Fancy Bear' Hackers Exploit a Microsoft Office Flaw—and NYC Terrorism Fears

WIRED Threat Level

Kremlin hackers are adapting their phishing tactics with both the latest software vulnerabilities and the latest news, new McAfee findings show.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!