Schneier on Security

JULY 30, 2018

Interesting research: " You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information ," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive.

Media 266

Media Accountability 266

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Authentication 222

Authentication Mobile Passwords Accountability 222

The Last Watchdog

AUGUST 3, 2018

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Data breaches 213

Data breaches Ransomware Cryptocurrency Passwords 213

Troy Hunt

JULY 31, 2018

So that little project Scott Helme and I took on - WhyNoHTTPS.com - seems to have garnered quite a bit of attention. We had about 81k visitors drop by on the first day and for the most part, the feedback has been overwhelmingly positive. Most people have said it's great to have the data surfaced publicly and they've used that list to put some pressure on sites to up their game.

Accountability 127

Accountability Insurance Banking Media 127

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

AUGUST 3, 2018

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.

Engineering 263

Engineering 263

Krebs on Security

AUGUST 3, 2018

TCM Bank , a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.

Banking 176

Banking Data breaches Identity Theft Retail 176

WIRED Threat Level

JULY 29, 2018

Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.

Internet 112

Internet Internet 112

Schneier on Security

AUGUST 1, 2018

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year.

260

260

Dark Reading

JULY 31, 2018

The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar - yet.

Cybersecurity 111

Cybersecurity 111

The Last Watchdog

AUGUST 2, 2018

The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying pr

Internet 160

Internet Internet Cybersecurity Education 160

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

AUGUST 2, 2018

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: BBQ time ?? pic.twitter.com/yq5hXOGABt — Troy Hunt (@troyhunt) August 3, 2018. References. Fashion Nexus suffered a data breach ("Is there an official statement?

Data breaches 109

Data breaches Passwords 109

Schneier on Security

AUGUST 1, 2018

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.

Big data 240

Big data Encryption Authentication IoT 240

Security Affairs

AUGUST 1, 2018

Google recently removed 145 applications from the official Google Play store because they were found to carry malicious Windows executables inside. Researchers from Palo Alto Networks revealed that Google removed more than 145 apps from the Play store because they were carrying a Windows malware, The apps were uploaded to the Google Play store between October and November 2017, this means that for months Android users were exposed to the attack.

Malware 101

Malware Advertising Software Passwords 101

The Last Watchdog

JULY 30, 2018

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

CISO 140

CISO Cyber Attacks Data collection Cybersecurity 140

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

AUGUST 3, 2018

One of the world’s largest websites has announced a security compromise. Reddit, the self-proclaimed “front page of the Internet,” announced a security breach that occurred over a three-day period in June. What Happened. The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords.

Authentication 100

Authentication Hacking Passwords Internet 100

Schneier on Security

JULY 30, 2018

Good policy paper (summary here ) on the threats, current state, and potential policy solutions for the poor security of US space systems.

Cybersecurity 221

Cybersecurity 221

Adam Shostack

JULY 31, 2018

I’m honored to have my threat modeling book on this short list with Daniel Kahneman, Tony Hsieh, Nicole Forsgren, and Tom DeMarco: “ Summer Reading List: Top Recommendations from our Engineers.

Engineering 100

Engineering 100

WIRED Threat Level

AUGUST 1, 2018

The Justice Department announced the arrest of three members of notorious cybercrime group Fin7—and detailed some of their methods in the process.

Cybercrime 93

Cybercrime Hacking 93

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

AUGUST 1, 2018

Reddit Warns Users of Data Breach. Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.

Data breaches 82

Data breaches Backups Passwords Authentication 82

Schneier on Security

AUGUST 2, 2018

Evidence that stolen credit cards are being used to purchase items in games like Clash of Clans, which are then resold for cash.

205

205

Adam Shostack

JULY 30, 2018

Cybersecurity 2.0 is a new promo from Humble Bundle. Nearly $800 worth of books, including my Threat Modeling, Schneier’s Secrets and Lies, and a whole lot more!

Cybersecurity 100

Cybersecurity 100

WIRED Threat Level

JULY 31, 2018

After five years, US lawmakers and law enforcement are starting to fight back against 3-D printed firearms and "ghost guns.".

76

76

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JULY 30, 2018

ICO platforms are becoming a privileged target for hackers, the last victim in order of time is KickICO, a Blockchain crowdfunding website for ICO. On Friday, KickICO disclosed a security breach, according to the platform attackers accessed to its wallets and stole over 70 million KICK tokens (roughly $7.7 million at the time). The incident occurred on July 26, at 09:04 UTC, KickICO CEO Anti Danilevski explained that its staff learned of the security breach from victims who complained to it. 

Advertising 77

Advertising Data breaches Marketing Hacking 77

Schneier on Security

JULY 31, 2018

The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone?

Surveillance 158

Surveillance Hacking 158

Dark Reading

AUGUST 1, 2018

An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.

Data breaches 68

Data breaches Passwords 68

WIRED Threat Level

JULY 31, 2018

The company removed 32 pages and accounts from Facebook and Instagram for “coordinated inauthentic behavior.”.

Accountability 75

Accountability 75

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

AUGUST 3, 2018

Experts uncovered a massive cryptojacking campaign that is targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. Security experts have uncovered a massive cryptojacking campaign that is targeting MikroTik routers, the hackers aim to change the configuration of the devices to inject a Coinhive cryptocurrency mining script in the users’ web traffic.

Cryptocurrency 75

Cryptocurrency Internet Internet Advertising 75

Schneier on Security

AUGUST 3, 2018

Interesting commentary : The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. It is possible the military needs a cyber corps in the future, but by accelerating promotions, offering graduate school to newly commissioned officers, easing limited lateral entry for exceptional private-sector talent, and shortening

Cybersecurity 132

Cybersecurity Hacking 132

Dark Reading

AUGUST 1, 2018

HackNotice leverages a database of 20,000 hacks to alert users when a site they visit has been compromised.

Hacking 65

Hacking 65

WIRED Threat Level

AUGUST 1, 2018

The tech community has known about the risk of using SMS in two-factor authentication for years. Reddit appears to have missed the memo.

Hacking 74

Hacking Authentication Risk 74

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity