Schneier on Security

AUGUST 1, 2018

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year.

277

277

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Authentication 223

Authentication Mobile Passwords Accountability 223

The Last Watchdog

AUGUST 3, 2018

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Data breaches 213

Data breaches Ransomware Cryptocurrency Passwords 213

Troy Hunt

JULY 31, 2018

So that little project Scott Helme and I took on - WhyNoHTTPS.com - seems to have garnered quite a bit of attention. We had about 81k visitors drop by on the first day and for the most part, the feedback has been overwhelmingly positive. Most people have said it's great to have the data surfaced publicly and they've used that list to put some pressure on sites to up their game.

Accountability 135

Accountability Insurance Banking Media 135

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

AUGUST 3, 2018

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.

Engineering 277

Engineering 277

Krebs on Security

AUGUST 3, 2018

TCM Bank , a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.

Banking 190

Banking Data breaches Identity Theft Retail 190

Troy Hunt

AUGUST 2, 2018

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: BBQ time ?? pic.twitter.com/yq5hXOGABt — Troy Hunt (@troyhunt) August 3, 2018. References. Fashion Nexus suffered a data breach ("Is there an official statement?

Data breaches 113

Data breaches Passwords 113

Schneier on Security

JULY 30, 2018

Interesting research: " You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information ," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive.

Media 277

Media Accountability 277

WIRED Threat Level

JULY 29, 2018

Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.

Internet 111

Internet Internet 111

The Last Watchdog

AUGUST 2, 2018

The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying pr

Internet 160

Internet Internet Cybersecurity Education 160

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Dark Reading

JULY 31, 2018

The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar - yet.

Cybersecurity 111

Cybersecurity 111

Schneier on Security

AUGUST 1, 2018

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.

Big data 257

Big data Encryption Authentication IoT 257

Adam Levin

AUGUST 3, 2018

One of the world’s largest websites has announced a security compromise. Reddit, the self-proclaimed “front page of the Internet,” announced a security breach that occurred over a three-day period in June. What Happened. The hacker or hackers bypassed the site’s 2-Factor Authentication associated with several employees credentialed to access sensitive data and used that access to take email addresses, server logs, and a decade-old database containing logins and passwords.

Authentication 100

Authentication Hacking Passwords Internet 100

The Last Watchdog

JULY 30, 2018

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

CISO 140

CISO Cyber Attacks Data collection Cybersecurity 140

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Adam Shostack

JULY 31, 2018

I’m honored to have my threat modeling book on this short list with Daniel Kahneman, Tony Hsieh, Nicole Forsgren, and Tom DeMarco: “ Summer Reading List: Top Recommendations from our Engineers.

Engineering 100

Engineering 100

Schneier on Security

JULY 30, 2018

Good policy paper (summary here ) on the threats, current state, and potential policy solutions for the poor security of US space systems.

Cybersecurity 245

Cybersecurity 245

Security Affairs

AUGUST 1, 2018

Google recently removed 145 applications from the official Google Play store because they were found to carry malicious Windows executables inside. Researchers from Palo Alto Networks revealed that Google removed more than 145 apps from the Play store because they were carrying a Windows malware, The apps were uploaded to the Google Play store between October and November 2017, this means that for months Android users were exposed to the attack.

Malware 96

Malware Advertising Software Passwords 96

Dark Reading

AUGUST 1, 2018

An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.

Data breaches 68

Data breaches Passwords 68

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Shostack

JULY 30, 2018

Cybersecurity 2.0 is a new promo from Humble Bundle. Nearly $800 worth of books, including my Threat Modeling, Schneier’s Secrets and Lies, and a whole lot more!

Cybersecurity 100

Cybersecurity 100

Schneier on Security

AUGUST 2, 2018

Evidence that stolen credit cards are being used to purchase items in games like Clash of Clans, which are then resold for cash.

227

227

Security Affairs

AUGUST 1, 2018

Reddit Warns Users of Data Breach. Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.

Data breaches 79

Data breaches Backups Passwords Authentication 79

Dark Reading

AUGUST 1, 2018

HackNotice leverages a database of 20,000 hacks to alert users when a site they visit has been compromised.

Hacking 65

Hacking 65

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Thales Cloud Protection & Licensing

AUGUST 2, 2018

This article was originally featured as a guest post on Venafi’s blog. Thales eSecurity and Venafi are technology partners. One of the biggest threat to machine identities today is the integrity of the software that runs within them, and that dictates their programed function. Whereas many machines worked independently in the past, the availability of ubiquitous communications is making it possible for networks of machines – including sensors, cloud applications, and distributed controls &

Digital transformation 63

Digital transformation Authentication Software Data collection 63

Schneier on Security

JULY 31, 2018

The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone?

Surveillance 183

Surveillance Hacking 183

Security Affairs

AUGUST 3, 2018

Experts uncovered a massive cryptojacking campaign that is targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. Security experts have uncovered a massive cryptojacking campaign that is targeting MikroTik routers, the hackers aim to change the configuration of the devices to inject a Coinhive cryptocurrency mining script in the users’ web traffic.

Cryptocurrency 75

Cryptocurrency Internet Internet Advertising 75

WIRED Threat Level

JULY 31, 2018

The company removed 32 pages and accounts from Facebook and Instagram for “coordinated inauthentic behavior.”.

Accountability 60

Accountability 60

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Thales Cloud Protection & Licensing

JULY 31, 2018

The newest CipherTrust Cloud Key Manager capability. CipherTrust Cloud Key Manager is a multi-cloud encryption key management solution ideal for customers using Microsoft Azure Key Vault , Amazon Web Services Key Management Service , Microsoft Office365 or Salesforce Shield Platform Encryption. Before I talk about the importance of the newest feature of Cipher Trust Key Manager let’s define some terms to get everyone thinking similarly about keys and key management.

Encryption 54

Encryption Technology 54

Schneier on Security

AUGUST 3, 2018

Interesting commentary : The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. It is possible the military needs a cyber corps in the future, but by accelerating promotions, offering graduate school to newly commissioned officers, easing limited lateral entry for exceptional private-sector talent, and shortening

Hacking 158

Hacking Cybersecurity 158

Security Affairs

JULY 30, 2018

ICO platforms are becoming a privileged target for hackers, the last victim in order of time is KickICO, a Blockchain crowdfunding website for ICO. On Friday, KickICO disclosed a security breach, according to the platform attackers accessed to its wallets and stole over 70 million KICK tokens (roughly $7.7 million at the time). The incident occurred on July 26, at 09:04 UTC, KickICO CEO Anti Danilevski explained that its staff learned of the security breach from victims who complained to it. 

Advertising 75

Advertising Data breaches Marketing Hacking 75

WIRED Threat Level

JULY 31, 2018

After five years, US lawmakers and law enforcement are starting to fight back against 3-D printed firearms and "ghost guns.".

59

59

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk